CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9450
https://notcve.org/view.php?id=CVE-2020-9450
25 May 2021 — An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe. Se detectó un problema en Acronis True Image 2020 versiones 24.5.22510. El archivo anti_ransomware_... • https://danishcyberdefence.dk/blog • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9451
https://notcve.org/view.php?id=CVE-2020-9451
25 May 2021 — An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. Se detectó un pro... • https://danishcyberdefence.dk/blog • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35145
https://notcve.org/view.php?id=CVE-2020-35145
29 Jan 2021 — Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. Acronis True Image para Windows versiones anteriores a 2021 Update 3, permitía una escalada de privilegios locales debido a una vulnerabilidad de secuestro DLL en múltiples componentes, también se conoce como un problema de Ruta de Búsqueda No Confiable • https://www.acronis.com/en-us/products/true-image • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10139
https://notcve.org/view.php?id=CVE-2020-10139
21 Oct 2020 — Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. Acronis True Image 2021 incluye un componente OpenSSL que especifica ... • https://www.kb.cert.org/vuls/id/114757 • CWE-284: Improper Access Control CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10140
https://notcve.org/view.php?id=CVE-2020-10140
21 Oct 2020 — Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. Acronis True Image 2021 no configura correctamente las ACL del directorio C:\ProgramData\Acronis. Debido a que algunos procesos privilegiados se ejecutan desde C:\ProgramData\Acronis... • https://www.kb.cert.org/vuls/id/114757 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3219
https://notcve.org/view.php?id=CVE-2017-3219
21 Jun 2017 — Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. Acronis True Image hasta e incluyendo la versión 2017 Build 8053 realiza actualizaciones de software mediante HTTP. Las actualizaciones descargadas solo se verifican por medio de un hash MD5 proporcionado por el servidor. • http://www.securityfocus.com/bid/99128 • CWE-311: Missing Encryption of Sensitive Data CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3671
https://notcve.org/view.php?id=CVE-2008-3671
13 Aug 2008 — Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Acronis True Image Echo Server 9.x build 8072 en Linux no encripta correctamente las copias de seguridad a un servidor FTP, lo que permite a atacantes remotos obtener información sensible. NOTA: el origen de esta información es... • http://secunia.com/advisories/30856 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-1279
https://notcve.org/view.php?id=CVE-2008-1279
10 Mar 2008 — Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. Acronis True Image Group Server 1.5.19.191 y anteriores, incluídos en Acronis True Image Enterprise Server 9.5.0.8072 y los otros paquetes True Image, permiten a atacantes remotos causar una denegación de servicio (caída)... • http://aluigi.altervista.org/adv/acrogroup-adv.txt • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-1280
https://notcve.org/view.php?id=CVE-2008-1280
10 Mar 2008 — Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. Acronis True Image Windows Agent 1.0.0.54 y anteriores, incluídos en Acronis True Image Enterprise Server 9.5.0.8072 y los otros paquetes True Image, permite a atacantes remotos causar una denegación de servicio (caída) a... • http://aluigi.altervista.org/adv/acroagent-adv.txt • CWE-20: Improper Input Validation •