CVE-2020-16171

MEDIUM

Acronis Cyber Backup < 12.5 - Server-Side Request Forgery via Custom Shard Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-16171. PoCs published by Julien Ahrens.

AI-analyzed exploit summary This is a detailed writeup describing an unauthenticated SSRF vulnerability in Acronis Cyber Backup 12.5 Build 16341. The vulnerability arises from the improper handling of the 'Shard' header, allowing attackers to make internal requests to otherwise unreachable services.

Description

An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.

Exploits (1)

exploitdb WRITEUP

by Julien Ahrens · pythonwebappsmultiple

https://www.exploit-db.com/exploits/49113

View Code ZIP pw:eip

This is a detailed writeup describing an unauthenticated SSRF vulnerability in Acronis Cyber Backup 12.5 Build 16341. The vulnerability arises from the improper handling of the 'Shard' header, allowing attackers to make internal requests to otherwise unreachable services.

Classification

Writeup 100%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: Acronis Cyber Backup 12.5 Build 16341 and below

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2020/Sep/33

Third Party Advisory x_refsource_misc

https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/

Scores

CVSS v3 6.5

EPSS 0.0551

EPSS Percentile 91.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-918

Status published

Products (2)

acronis/cyber_backup 12.5 (15 CPE variants)

acronis/cyber_backup < 12.5

Published Sep 21, 2020

Tracked Since Feb 18, 2026