CVE-2020-9450

7.8HIGH

Key Information:

Vendor
Acronis
Status
True Image 2020
Vendor
CVE Published:
25 May 2021

Summary

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe.

References

https://www.acronis.com
x_refsource_MISC
https://danishcyberdefence.dk/blog
x_refsource_MISC
https://madsjoensen.dk/cve-2020-9450/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.