// For flags

CVE-2020-9452

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

Se detectó un problema en Acronis True Image 2020 versiones 24.5.22510. El archivo anti_ransomware_service.exe incluye la funcionalidad para poner en cuarentena archivos al copiar un archivo sospechoso de ransomware de un directorio a otro usando privilegios SYSTEM. Debido a que usuarios no privilegiados presentan permisos de escritura en la carpeta de cuarentena, es posible controlar esta escritura privilegiada con un enlace físico. Esto significa para un usuario no privilegiado poder escribir o sobrescribir archivos arbitrarios en carpetas arbitrarias. Escalar privilegios a SYSTEM es trivial con escrituras arbitrarias. Si bien la funcionalidad quarantine no está habilitada por defecto, puede ser forzado a copiar el archivo a la cuarentena comunicándose con anti_ransomware_service.exe por medio de su API REST

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-02-28 CVE Reserved
  • 2021-05-25 CVE Published
  • 2023-08-17 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (3)
URL Tag Source
https://danishcyberdefence.dk/blog Third Party Advisory
URL Date SRC
https://madsjoensen.dk/cve-2020-9452 2024-08-04
URL Date SRC
URL Date SRC
https://www.acronis.com 2022-07-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Acronis
Search vendor "Acronis"
 True Image 2020
Search vendor "Acronis" for product "True Image 2020"
 24.5.22510
Search vendor "Acronis" for product "True Image 2020" and version "24.5.22510"
-
Affected