68061: Acronis True Image: fixed security vulnerabilities

    Last update: 18-05-2021

    This article contains a list of security vulnerabilities fixed in different builds of Acronis True Image.

    Windows

    Product & Build | Release date | Fixed vulnerabilities
    Acronis True Image 2021 Update 5 | March 30, 2021 | See Acronis True Image 2021 Update 5: Security Content
    Acronis True Image 2021 Update 4 | March 11, 2020 | See Acronis True Image 2021 Update 4: Security Content
    Acronis True Image 2021 Update 3 (Build 35860) | December 22, 2020
    • [SEC-2721] Local privilege escalation was possible due to a DLL hijacking vulnerability in multiple components. The issue was assigned CVE-2020-35145, CVSS score 6.9 (medium severity). We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us.
    Acronis True Image 2021 Update 2 (Build 34340) | November 24, 2020
    • [SEC-1768] Antiransomware microservice did not authenticate inter-service communication. The issue was assigned CVE-2020-9450, CVSS score 4.9 (medium severity). We would like to thank HackerOne researcher @mjoensen for reporting this to us.
    Acronis True Image 2021 Update 1 (Build 32010) | October 7, 2020
    • [SEC-2181] Local privilege escalation was possible due to a DLL injection vulnerability. The issue was assigned CVE-2020-10139, CVSS score 8.1 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us.
    • [SEC-2196] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-10140, CVSS score 8.7 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us.
    Acronis True Image 2021 (Build 30290) | August 20, 2020
    • [SEC-1766] Local privilege escalation was possible due to improper soft link handling. The issue was assigned CVE-2020-9451, CVSS score 5.9 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
    • [SEC-1767] Possible denial of service due to insecure folder permissions. The issue was assigned CVE-2020-9452, CVSS score 4.2 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
    • [SEC-2071] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-15496, CVSS score 6.4 (medium). We want to thank HackerOne researcher @theevilbit for reporting this to us.
    • [SEC-2072] Local privilege escalation was possible due to an insecure service configuration. The issue was assigned CVE-2020-15495, CVSS score 6.0 (medium).
    Acronis True Image 2020 Update 4 (Build 38530) | February 16, 2021
    • [SEC-2196] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-10140, CVSS score 8.7 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us.
    • [SEC-2181] Local privilege escalation was possible due to a DLL injection vulnerability. The issue was assigned CVE-2020-10139, CVSS score 8.1 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us.
    • [SEC-2721] Local privilege escalation was possible due to a DLL hijacking vulnerability in multiple components. The issue was assigned CVE-2020-35145, CVSS score 6.9 (medium severity). We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us.
    • [SEC-1766] Local privilege escalation was possible due to improper soft link handling. The issue was assigned CVE-2020-9451, CVSS score 5.9 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
    • [SEC-1768] Antiransomware microservice did not authenticate inter-service communication. The issue was assigned CVE-2020-9450, CVSS score 4.9 (medium severity). We would like to thank HackerOne researcher @mjoensen for reporting this to us.
    • [SEC-1767] Possible denial of service due to insecure folder permissions. The issue was assigned CVE-2020-9452, CVSS score 4.2 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.

    See also Acronis True Image 2020 Update 4: Security Content

    Mac

    Product & Build | Release date | Fixed vulnerabilities
    Acronis True Image 2021 Update 5 for Mac | March 30, 2021 | See Acronis True Image 2021 Update 5: Security Content
    Acronis True Image 2021 Update 4 for Mac | March 11, 2021 | See Acronis True Image 2021 Update 4: Security Content
    Acronis True Image 2021 Update 1 for Mac (Build 33610) | November 11, 2020
    • [SEC-2309] Local privilege escalation was possible due to insecure service configuration. The issue was assigned CVE-2020-25736, CVSS score 6.0 (medium). We want to thank HackerOne researcher @theevilbit for reporting this to us.
    • [SEC-2181] Local privilege escalation was possible due to a DLL injection vulnerability. The issue was assigned CVE-2020-10139, CVSS score 8.1 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us.
    Acronis True Image 2020 Update 4 for Mac (Build 26010) | February 16, 2021
    • [SEC-2071] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-25593, CVSS score 6.4 (medium). We want to thank HackerOne researcher @theevilbit for reporting this to us.
    • [SEC-2309] Local privilege escalation was possible due to insecure service configuration. The issue was assigned CVE-2020-25736, CVSS score 6.0 (medium). We want to thank HackerOne researcher @theevilbit for reporting this to us.

    See also Acronis True Image 2020 Update 4: Security Content