CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9452
https://notcve.org/view.php?id=CVE-2020-9452
25 May 2021 — An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with ... • https://danishcyberdefence.dk/blog • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9450
https://notcve.org/view.php?id=CVE-2020-9450
25 May 2021 — An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe. Se detectó un problema en Acronis True Image 2020 versiones 24.5.22510. El archivo anti_ransomware_... • https://danishcyberdefence.dk/blog • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9451
https://notcve.org/view.php?id=CVE-2020-9451
25 May 2021 — An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. Se detectó un pro... • https://danishcyberdefence.dk/blog • CWE-276: Incorrect Default Permissions •