Title: Acronis True Image Echo Enterprise Server Multiple Remote Denial of Service Vulnerabilities
Severity: MODERATE
Description:
Acronis True Image Echo Enterprise Server is an application that allows users to view and manage backups for all systems on the network.
Acronis True Image Echo Enterprise Server is prone to multiple remote denial-of-service vulnerabilities:
- A denial-of-service vulnerability occurs when the application handles 16-bit fields that specify the length of the data contained in the packet. Specifically, the application fails to perform adequate boundary checks on user-supplied data before copying it into a fixed-size buffer. This will result in a read access violation, causing the affected application to terminate. Given the nature of this issue, arbitrary code execution may also be possible, but this has not been confirmed.
- A denial-of-service vulnerability occurs because of a NULL-pointer exception when handling specially crafted packets.
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
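The length-field handling described in the first item, shown with the checks that prevent it. This is an added example, not Acronis code or code from the referenced advisories; the two-byte big-endian length header, the 256-byte buffer and all names are assumptions, since the page does not describe the actual packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 256 /* assumed size of the fixed destination buffer */
#define HDR_LEN 2       /* assumed header: one 16-bit big-endian length */

enum parse_status { PARSE_OK = 0, PARSE_NULL = -1, PARSE_SHORT = -2,
                    PARSE_TRUNCATED = -3, PARSE_TOO_BIG = -4 };

struct message {
    uint16_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* Parse one packet of pkt_len received bytes into out (hypothetical layout).
 * The declared length is untrusted: it is checked against the bytes actually
 * received and against the destination buffer before anything is copied. */
int parse_packet(const uint8_t *pkt, size_t pkt_len, struct message *out)
{
    if (pkt == NULL || out == NULL)
        return PARSE_NULL;          /* never dereference a missing buffer */
    if (pkt_len < HDR_LEN)
        return PARSE_SHORT;         /* not even a complete length field */

    uint16_t declared = (uint16_t)((pkt[0] << 8) | pkt[1]);

    if (declared > pkt_len - HDR_LEN)
        return PARSE_TRUNCATED;     /* copying would read past received data */
    if (declared > sizeof out->payload)
        return PARSE_TOO_BIG;       /* copying would overrun the fixed buffer */

    memcpy(out->payload, pkt + HDR_LEN, declared);
    out->len = declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFF bytes, only 2 follow. */
    const uint8_t lying[] = { 0xFF, 0xFF, 0x41, 0x42 };
    struct message m;
    return parse_packet(lying, sizeof lying, &m) == PARSE_TRUNCATED ? 0 : 1;
}
```

Rejecting the packet on either failed check, rather than clamping the length, keeps a malformed request from being processed as if it were valid.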
Affected Products:
- Acronis True Image Echo Enterprise Server 9.5.0.8072
References:
- Acronis: Acronis True Image Echo Enterprise Server Homepage
- Luigi Auriemma: Acronis True Image Group NULL pointer
- Luigi Auriemma: Acronis True Image Group Server Memory Access