CVE-2021-32581

8.1 HIGH

📋 TL;DR

This vulnerability allows man-in-the-middle attackers to intercept and manipulate communications between Acronis products and their servers due to missing SSL certificate validation. Affected users include anyone running vulnerable versions of Acronis True Image for Windows/Mac, Acronis Agent, or Acronis Cyber Protect.

💻 Affected Systems

Products:
  • Acronis True Image for Windows
  • Acronis True Image for Mac
  • Acronis Agent
  • Acronis Cyber Protect
Versions: Acronis True Image prior to 2021 Update 4 (Windows), prior to 2021 Update 5 (Mac), Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept backup data, inject malicious updates, steal credentials, or deploy ransomware through compromised updates.

🟠 Likely Case

Data interception during backup/restore operations, credential theft from authentication flows, or installation of malicious software updates.

🟢 If Mitigated

Limited impact if network segmentation prevents man-in-the-middle positioning or if using isolated backup environments.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires man-in-the-middle positioning but is technically simple once positioned.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Acronis True Image 2021 Update 4 (Windows), 2021 Update 5 (Mac), Acronis Agent build 26653+, Acronis Cyber Protect build 27009+

Vendor Advisory: https://kb.acronis.com/content/68413

Restart Required: Yes

Instructions:

1. Open the Acronis product.
2. Check for updates in settings.
3. Install available updates.
4. Restart the application or system as prompted.

🔧 Temporary Workarounds

Network segmentation
Applies to: all

Isolate Acronis systems from untrusted networks to prevent man-in-the-middle attacks.

Disable automatic updates
Applies to: all

Temporarily disable automatic updates and manually verify updates before installation.

🧯 If You Can't Patch

  • Deploy network monitoring for SSL/TLS anomalies and unexpected certificate changes.
  • Implement strict outbound firewall rules limiting Acronis traffic to known legitimate endpoints only.

🔍 How to Verify

Check if Vulnerable:

Check version in Acronis product settings against affected versions listed in advisory.

Check Version:

Check Help > About in Acronis interface or consult system documentation for command-line version check.

Verify Fix Applied:

Confirm the installed version is at or above the patched build listed above, and confirm that certificate validation is enforced with a controlled man-in-the-middle test.
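The defect behind this CVE is a TLS client that accepts any server certificate. Acronis is closed source, so the following is an added example (not Acronis code and not from the advisory) showing, with Python's standard ssl module, what "validation enforced" versus "validation missing" looks like in a client configuration and an audit check that tells the two apart. The finding codes and function names are this example's own.

```python
import ssl

# Finding codes returned by audit_context (names are this example's own).
VERIFY_MODE_NOT_REQUIRED = "VERIFY_MODE_NOT_REQUIRED"
CHECK_HOSTNAME_DISABLED = "CHECK_HOSTNAME_DISABLED"
NO_TRUST_ANCHORS = "NO_TRUST_ANCHORS"


def build_hardened_context() -> ssl.SSLContext:
    """Client context that validates the server chain and checks the hostname.

    create_default_context() sets verify_mode=CERT_REQUIRED, check_hostname=True
    and loads the platform's trusted CA store: the behaviour a correctly fixed
    client should have.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def build_weak_context() -> ssl.SSLContext:
    """Client context with certificate validation switched off.

    This is the generic defect class described on this page: any certificate,
    including one presented by an on-path attacker, is accepted. check_hostname
    must be cleared before verify_mode, otherwise ssl raises ValueError.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the validation weaknesses present in ctx (empty list = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(VERIFY_MODE_NOT_REQUIRED)
    if not ctx.check_hostname:
        findings.append(CHECK_HOSTNAME_DISABLED)
    # A context that requires a certificate but trusts no CA fails closed on
    # every connection; flag it so an operator does not mistake it for "fixed".
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append(NO_TRUST_ANCHORS)
    return findings


def validation_enforced(ctx: ssl.SSLContext) -> bool:
    """True only when chain verification and hostname matching are both on."""
    findings = audit_context(ctx)
    return (VERIFY_MODE_NOT_REQUIRED not in findings
            and CHECK_HOSTNAME_DISABLED not in findings)


if __name__ == "__main__":
    for name, ctx in (("hardened", build_hardened_context()),
                      ("weak", build_weak_context())):
        state = "enforced" if validation_enforced(ctx) else "NOT enforced"
        print(f"{name}: validation {state}, findings={audit_context(ctx)}")
```

The audit deliberately reports three separate conditions, because a client that merely sets CERT_REQUIRED without a trust store, or verifies the chain but not the hostname, still fails a controlled test: the first fails closed on every connection, the second accepts any certificate issued by a trusted CA for any name.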

📡 Detection & Monitoring

Log Indicators:

  • Failed SSL/TLS handshakes in application logs
  • Unexpected certificate warnings in application logs

Network Indicators:

  • Unencrypted traffic to Acronis servers
  • SSL/TLS protocol anomalies
  • Certificate validation failures

SIEM Query:

source="acronis" AND (event="ssl_error" OR event="certificate_validation_failed")
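The query above is written for a SIEM; as an added example (not from this page or from Acronis), here is the same predicate implemented in Python over a handful of constructed key="value" log lines, so the match logic can be checked before it is deployed as a rule. The field layout, hostnames and peer name are placeholders invented for the example, not real Acronis log output.

```python
import re
from collections import Counter

# Constructed sample log lines (not real Acronis output). Field names follow
# the SIEM query on this page; hosts and the peer name are placeholders.
SAMPLE_LOG_LINES = [
    '2021-06-01T10:00:00Z source="acronis" host="ws-01" '
    'event="certificate_validation_failed" peer="updates.example.test"',
    '2021-06-01T10:00:05Z source="acronis" host="ws-01" event="backup_complete"',
    '2021-06-01T10:00:09Z source="nginx" host="gw-01" event="ssl_error"',
    '2021-06-01T10:01:00Z source="acronis" host="ws-02" event="ssl_error" '
    'detail="handshake failure"',
]

# Matches key=value and key="quoted value" tokens (quoted values may contain spaces).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The two event names the page's SIEM query alerts on.
ALERT_EVENTS = {"ssl_error", "certificate_validation_failed"}


def parse_kv(line: str) -> dict:
    """Turn one log line into a dict of its key/value fields."""
    rec = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        # quoted may legitimately be "" so test against None, not truthiness
        rec[key] = quoted if quoted is not None else bare
    return rec


def matches_query(rec: dict) -> bool:
    """source="acronis" AND (event="ssl_error" OR event="certificate_validation_failed")"""
    return rec.get("source") == "acronis" and rec.get("event") in ALERT_EVENTS


def run_query(lines) -> list:
    """Return the parsed records that satisfy the SIEM predicate, in input order."""
    return [rec for rec in map(parse_kv, lines) if matches_query(rec)]


def count_by_host(records) -> dict:
    """Hits per host, the usual pivot for deciding which endpoints to isolate first."""
    return dict(Counter(r.get("host", "<unknown>") for r in records))


if __name__ == "__main__":
    hits = run_query(SAMPLE_LOG_LINES)
    for h in hits:
        print(h["host"], h["event"], h.get("peer", ""), h.get("detail", ""))
    print(count_by_host(hits))
```

Note that the nginx ssl_error line is excluded by the source clause and the successful backup line by the event clause, which is exactly the selectivity the query is meant to have; a rule that dropped the source condition would mix unrelated TLS errors into the same alert.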
