CVE-2020-9451

5.5MEDIUM

Key Information:

Vendor
Acronis
Status
True Image 2020
Vendor
CVE Published:
25 May 2021

Summary

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot.

References

https://www.acronis.com
x_refsource_MISC
https://danishcyberdefence.dk/blog
x_refsource_MISC
https://madsjoensen.dk/cve-2020-9451/
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.