68396: Acronis True Image 2020 Update 4: Security Content


Last update: 29-03-2021

We work closely with the security community and embrace researchers who contribute towards the optimization of our products. If you believe you have found a security issue, please report it to us as soon as possible via hackerone.com/acronis.

We see no signs of active exploitation of the vulnerabilities listed on this page.

Windows

SEC-2196

Severity: CVSS:3.0 8.7 High

Summary: Local privilege escalation was possible due to insecure folder permissions

Credits: We would like to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us

CVE-2020-10140

SEC-2181

Severity: CVSS:3.0 8.1 High

Summary: Local privilege escalation was possible due to a DLL injection vulnerability

Credits: We would like to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us

CVE-2020-10139

SEC-2721

Severity: CVSS:3.0 6.9 Medium

Summary: Local privilege escalation was possible due to a DLL hijacking vulnerability in multiple components

Credits: We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us

CVE-2020-35145

SEC-1766

Severity: CVSS:3.0 6.9 Medium

Summary: Local privilege escalation was possible due to improper soft link handling

Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us

CVE-2020-9451

SEC-1768

Severity: CVSS:3.0 5.4 Medium

Summary: Antiransomware microservice did not authenticate inter-service communication

Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us

CVE-2020-9450

SEC-1767

Severity: CVSS:3.0 4.7 Medium

Summary: Possible denial of service due to insecure folder permissions

Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us

CVE-2020-9452

Mac

SEC-2071

Severity: CVSS:3.0 6.7 Medium

Summary: Local privilege escalation was possible due to insecure folder permissions

Credits: We would like to thank HackerOne researcher @theevilbit for reporting this to us

CVE-2020-25593

SEC-2309

Severity: CVSS:3.0 6.4 Medium

Summary: Local privilege escalation was possible due to insecure service configuration

Credits: We would like to thank HackerOne researcher @theevilbit for reporting this to us

CVE-2020-25736

 
