Denial of Service Vulnerability in Acronis True Image by Acronis
CVE-2020-9451

5.5MEDIUM

Key Information:

Vendor

Acronis
Status
True Image 2020
Vendor
CVE Published:
25 May 2021

What is CVE-2020-9451?

A vulnerability exists in Acronis True Image 2020 where the anti_ransomware_service.exe logs are improperly managed. The logs are stored in a directory accessible to unprivileged users, allowing them to create hardlinks to a future log file. This manipulation forces the anti_ransomware_service to attempt writing its log directly into its own executable path, resulting in a crash during system reboots due to sharing violations. The implications of this vulnerability can lead to persistent service disruption, making it a concern for system stability.

References

https://www.acronis.com
x_refsource_MISC
https://danishcyberdefence.dk/blog
x_refsource_MISC
https://madsjoensen.dk/cve-2020-9451/
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.