Denial of Service Vulnerability in Acronis True Image by Acronis
CVE-2020-9451
5.5MEDIUM
Summary
A vulnerability exists in Acronis True Image 2020 where the anti_ransomware_service.exe logs are improperly managed. The logs are stored in a directory accessible to unprivileged users, allowing them to create hardlinks to a future log file. This manipulation forces the anti_ransomware_service to attempt writing its log directly into its own executable path, resulting in a crash during system reboots due to sharing violations. The implications of this vulnerability can lead to persistent service disruption, making it a concern for system stability.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved