Vulnerability Details : CVE-2020-9452
Potential exploit
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.
Products affected by CVE-2020-9452
- cpe:2.3:a:acronis:true_image_2020:24.5.22510:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-9452
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~10% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-9452
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2020-9452
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-9452
- https://danishcyberdefence.dk/blog
  Cyber security posts, news, research, posts and publications | Danish Cyber Defence (Third Party Advisory)
- https://www.acronis.com
  Acronis (Vendor Advisory)
- https://madsjoensen.dk/cve-2020-9452/
  Mads Joensen's Digital Garden (Exploit; Third Party Advisory)