Acronis patched multiple privilege escalation vulnerabilities

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,596

Overview​

Acronis True Image, Cyber Backup, and Cyber Protection all contain privilege escalation vulnerabilities, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges.

Description​

CVE-2020-10138

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

CVE-2020-10139

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis directory, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.

Impact​

By placing a specially-crafted openssl.cnf or DLL file in a specific location, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Acronis software installed. See DLL Search Order Hijacking for more details.

Solution​

Apply an update​

These vulnerabilities are addressed in Acronis True Image 2021 build 32010 (release notes), Acronis Cyber Backup 12.5 build 16363 (release notes), and Acronis Cyber Protect 15 build 24600 (release notes).
Click to expand...

CERT/CC Vulnerability Note VU#114757

Acronis backup software contains multiple privilege escalation vulnerabilities
kb.cert.org kb.cert.org
 
  • Like
  • Thanks
Reactions: Protomartyr, silversurfer, sweetpeageeker2019 and 3 others

Similar threads

CyberPanther
    • Like
New Update ESET patches High-Severity Privilege Escalation Vulnerability
Replies
0
Views
1,450
ESET
CyberPanther
CyberPanther
Gandalf_The_Grey
    • Like
    • +Reputation
Security News December Android updates fix critical zero-click RCE flaw
Replies
0
Views
1,329
Security News
Gandalf_The_Grey
Gandalf_The_Grey
CyberPanther
    • Like
Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Replies
0
Views
726
Security News
CyberPanther
CyberPanther

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top