SSL Certificate Validation Flaw in Acronis True Image and Cyber Protect
CVE-2021-32581

8.1HIGH

Key Information:

Vendor
Acronis
Status
True Image
Cyber Protect Cloud
Cyber Protection Agent
Vendor
CVE Published:
5 August 2021

Summary

Certain versions of Acronis True Image and Acronis Cyber Protect did not properly implement SSL certificate validation, potentially allowing attackers to intercept sensitive data during transmission. This oversight could lead to information disclosure and compromise user security. Users are encouraged to update to the latest versions to mitigate the associated risks.

References

https://kb.acronis.com/content/68419
x_refsource_MISC
https://kb.acronis.com/content/68413
x_refsource_MISC
https://kb.acronis.com/content/68648
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.