CVE-2020-9452

Exploit

EPSS 0.04%
Published 25.05.2021 12:15:07
Last modified 21.11.2024 05:40:40
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Acronis ≫ True Image 2020 Version24.5.22510

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://www.acronis.com

Vendor Advisory

https://danishcyberdefence.dk/blog

Third Party Advisory

https://madsjoensen.dk/cve-2020-9452/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-9452

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9452

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9452

EUVD