CVE-2020-10139
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Acronis True Image 2021 incluye un componente OpenSSL que especifica una variable OPENSSLDIR como un subdirectorio dentro de C:\jenkins_agent\. Acronis True Image contiene un servicio privilegiado que usa este componente de OpenSSL. Debido a que los usuarios de Windows no privilegiados pueden crear subdirectorios fuera del root del sistema, un usuario puede crear la ruta apropiada a un archivo openssl.cnf especialmente diseñado para lograr una ejecución de código arbitraria con privilegios SYSTEM
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-05 CVE Reserved
- 2020-10-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-665: Improper Initialization
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.kb.cert.org/vuls/id/114757 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Acronis Search vendor "Acronis" | True Image Search vendor "Acronis" for product "True Image" | 2021 Search vendor "Acronis" for product "True Image" and version "2021" | - |
Affected
| ||||||