REST API Vulnerability in Acronis True Image Software
CVE-2020-9450

7.8HIGH

Key Information:

Vendor
Acronis
Status
True Image 2020
Vendor
CVE Published:
25 May 2021

Summary

Acronis True Image 2020 features a significant security issue wherein its anti_ransomware_service.exe exposes a REST API accessible to all users, including those without privileges. This vulnerability allows potential attackers to add malicious executables to the software's whitelist or to exclude entire drives from monitoring, thereby bypassing critical security features designed to protect user data and systems. Users of affected versions should take immediate measures to secure their configurations and monitor for potential exploitation.

References

https://www.acronis.com
x_refsource_MISC
https://danishcyberdefence.dk/blog
x_refsource_MISC
https://madsjoensen.dk/cve-2020-9450/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.