Local Privilege Escalation Vulnerability in Acronis True Image for Windows
CVE-2020-35145

7.8HIGH

Key Information:

Vendor: Acronis
Status: True Image
Vendor: CVE Published:; 29 January 2021

What is CVE-2020-35145?

Acronis True Image for Windows prior to 2021 Update 3 is susceptible to a local privilege escalation vulnerability stemming from DLL hijacking. This issue arises from an Untrusted Search Path, allowing attackers to potentially execute arbitrary code with elevated privileges. Users are encouraged to update to the latest version to mitigate this risk.

References

https://www.acronis.com/en-us/products/true-image/

x_refsource_MISC

https://www.acronis.com/en-us/support/updates/changes.htm...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Dec 11, 2020