CVE-2020-10138

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
References
Link Resource
https://www.kb.cert.org/vuls/id/114757 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/114757 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:acronis:cyber_backup:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:54

Type Values Removed Values Added
References () https://www.kb.cert.org/vuls/id/114757 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/114757 - Third Party Advisory, US Government Resource

Information

Published : 2020-10-21 14:15

Updated : 2024-11-21 04:54


NVD link : CVE-2020-10138

Mitre link : CVE-2020-10138

CVE.ORG link : CVE-2020-10138


JSON object : View

Products Affected

acronis

  • cyber_protect
  • cyber_backup
CWE
CWE-284

Improper Access Control

CWE-665

Improper Initialization