Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges.
The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals.
Tracked as CVE-2020-10138 (CVSS score 8.1), the first of the bugs affects Acronis Cyber Backup 12.5 and Cyber Protect 15 and resides in a privileged service that uses “an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:jenkins_agent.”
Given that unprivileged Windows users are able to create subdirectories off of the system root, it is possible for a user to create the appropriate path to an openssl.cnf file that would allow them to run arbitrary code with SYSTEM privileges.
The second flaw, CVE-2020-10139 (CVSS score 8.1), was found in Acronis True Image 2021 and is similar to CVE-2020-10138: an unprivileged user can abuse the privileged service to execute a specially-crafted openssl.cnf file with SYSTEM privileges.
Identified in Acronis True Image 2021 and tracked as CVE-2020-10140 (CVSS score 8.7), the third vulnerability exists because the backup software fails to properly set access control lists (ACLs) for the C:ProgramDataAcronis directory.
Thus, an unprivileged user could place a DLL in one of the multiple paths within that directory and achieve arbitrary code execution through privileged processes that are executed from C:ProgramDataAcronis, the CERT/CC note reveals.
“By placing a specially-crafted openssl.cnf or DLL file in a specific location, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable Acronis software installed. See DLL Search Order Hijacking for more details,” CERT/CC explains.
Acronis True Image 2021 build 32010, Acronis Cyber Backup 12.5 build 16363, and Acronis Cyber Protect 15 build 24600 were released in early October 2020 with patches for these vulnerabilities.
Related: Google Patches Privilege Escalation Vulnerability in Cloud Service
Related: Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere
Related: Intel Patches Many Privilege Escalation Vulnerabilities in Server Boards
Related: Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation
More from Ionut Arghire
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
- New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
- CISA Seeks Public Opinion on Cloud Application Security Guidance
Latest News
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
