CVE-2021-44206— Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-44206
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Acronis Cyber Protect和Acronis True Image 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Acronis Cyber Protect和Acronis True Image都是新加坡安克诺斯(Acronis)的产品。Acronis Cyber Protect是一款网络保护产品。该软件为企业提供数据备份、灾难恢复、基于人工智能的恶意软件保护等功能。Acronis True Image是一款著名的数据备份还原软件。该软件可用于创建驱动器和磁盘映像,并在需要干净系统时可以还原镜像。 Acronis Cyber Protect Home Office和Acronis True Image 202
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Acronis | Acronis Cyber Protect Home Office | unspecified ~ 39612 | - | |
| Acronis | Acronis True Image 2021 | unspecified ~ 39287 | - |
II. Public POCs for CVE-2021-44206
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-44206
请登录查看更多情报信息。
- https://security-advisory.acronis.com/advisories/SEC-3058x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-44206
Same Patch Batch · Acronis · 2022-02-04 · 6 CVEs total
| CVE-2021-44204 | Local privilege escalation via named pipe due to improper access control checks | |
| CVE-2021-44205 | Local privilege escalation due to DLL hijacking vulnerability | |
| CVE-2022-24113 | Local privilege escalation due to excessive permissions assigned to child processes | |
| CVE-2022-24114 | Local privilege escalation due to race condition on application startup | |
| CVE-2022-24115 | Local privilege escalation due to unrestricted loading of unsigned libraries |
IV. Related Vulnerabilities
Same weakness: CWE-427
- CVE-2026-44406
DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartvie - CVE-2026-40004
openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud - CVE-2026-21661
AC2000 Uncontrolled Search Path Element - CVE-2026-6788
Uncontrolled search path in PluginLauncher allows SYSTEM cod - CVE-2026-25852
Acronis DeviceLock DLP 代码问题漏洞
V. Comments for CVE-2021-44206
No comments yet