A vulnerability classified as critical has been found in Acronis Cyber Backup up to 12.5 Build 16341 (Backup Software). The affected function is unknown. Manipulation with an unknown input leads to a privilege escalation vulnerability (SSRF).
Businesses can be at risk of losing important data. Lost data leads to costly downtime, customer dissatisfaction, regulatory fines, and lost revenue. As a result, IT pros must meet extremely high expectations. You need to keep the company running 24 hours a day.
Acronis Cyber Backup delivers the data protection that meets today’s demands. It keeps your business running, protecting any workload, scaling without limits, and saving you money.
The issue is classified as CWE-918. It has an impact on confidentiality, integrity, and availability.
The bug was discovered 07/30/2020. The weakness was presented 09/14/2020 as a confirmed mailing list post (Full-Disclosure). The advisory is available at seclists.org. This vulnerability is tracked as CVE-2020-16171. The attack can be launched remotely, and exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.
The vulnerability was handled as a non-public zero-day exploit for at least 46 days.
Upgrading to version 12.5 Build 16342 eliminates this vulnerability.