CVE-2020-16171: SSRF
First published: Mon Sep 21 2020(Updated: )
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Acronis Cyber Backup | <=12.5 | |
| Acronis Cyber Backup | =12.5 | |
| Acronis Cyber Backup | =12.5-10130 | |
| Acronis Cyber Backup | =12.5-10330 | |
| Acronis Cyber Backup | =12.5-11010 | |
| Acronis Cyber Backup | =12.5-13160 | |
| Acronis Cyber Backup | =12.5-13400 | |
| Acronis Cyber Backup | =12.5-14280 | |
| Acronis Cyber Backup | =12.5-14330 | |
| Acronis Cyber Backup | =12.5-16180 | |
| Acronis Cyber Backup | =12.5-16318 | |
| Acronis Cyber Backup | =12.5-16327 | |
| Acronis Cyber Backup | =12.5-7641 | |
| Acronis Cyber Backup | =12.5-7970 | |
| Acronis Cyber Backup | =12.5-8850 | |
| Acronis Cyber Backup | =12.5-9010 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2020-16171.
What is the severity level of CVE-2020-16171?
The severity level of CVE-2020-16171 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2020-16171?
Acronis Cyber Backup before version 12.5 Build 16342 is affected by CVE-2020-16171.
How can CVE-2020-16171 be exploited?
CVE-2020-16171 can be exploited to conduct SSRF attacks by abusing an additional custom Shard header in the API endpoints.
Are there any references available for CVE-2020-16171?
Yes, you can find references for CVE-2020-16171 at the following links: [Link1](http://seclists.org/fulldisclosure/2020/Sep/33), [Link2](https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/acronis
- canonical/acronis cyber backup
- version/acronis cyber backup/12.5
- version/acronis cyber backup/12.5-10130
- version/acronis cyber backup/12.5-10330
- version/acronis cyber backup/12.5-11010
- version/acronis cyber backup/12.5-13160
- version/acronis cyber backup/12.5-13400
- version/acronis cyber backup/12.5-14280
- version/acronis cyber backup/12.5-14330
- version/acronis cyber backup/12.5-16180
- version/acronis cyber backup/12.5-16318
- version/acronis cyber backup/12.5-16327
- version/acronis cyber backup/12.5-7641
- version/acronis cyber backup/12.5-7970
- version/acronis cyber backup/12.5-8850
- version/acronis cyber backup/12.5-9010