Vulnerability-Lookup

CNVD-2021-58661

Vulnerability from cnvd - Published: 2021-08-05

Title

Acronis True Image任意文件覆盖漏洞

Description

Acronis True Image是新加坡安克诺斯（Acronis）的一款著名的数据备份还原软件。该软件可用于创建驱动器和磁盘映像，并在需要干净系统时可以还原镜像。 Acronis True Image 2020 24.5.22510版本存在任意文件覆盖漏洞，攻击者可利用该漏洞写覆盖任意文件夹中的任意文件。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.acronis.com/

Reference

https://danishcyberdefence.dk/blog

Impacted products

Name
Acronis True Image 2020 24.5.22510

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9452",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9452"
    }
  },
  "description": "Acronis True Image\u662f\u65b0\u52a0\u5761\u5b89\u514b\u8bfa\u65af\uff08Acronis\uff09\u7684\u4e00\u6b3e\u8457\u540d\u7684\u6570\u636e\u5907\u4efd\u8fd8\u539f\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7528\u4e8e\u521b\u5efa\u9a71\u52a8\u5668\u548c\u78c1\u76d8\u6620\u50cf\uff0c\u5e76\u5728\u9700\u8981\u5e72\u51c0\u7cfb\u7edf\u65f6\u53ef\u4ee5\u8fd8\u539f\u955c\u50cf\u3002\n\nAcronis True Image 2020 24.5.22510\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8986\u76d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u5939\u4e2d\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.acronis.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-58661",
  "openTime": "2021-08-05",
  "products": {
    "product": "Acronis True Image 2020 24.5.22510"
  },
  "referenceLink": "https://danishcyberdefence.dk/blog",
  "serverity": "\u9ad8",
  "submitTime": "2021-05-26",
  "title": "Acronis True Image\u4efb\u610f\u6587\u4ef6\u8986\u76d6\u6f0f\u6d1e"
}

CVE-2020-9452 (GCVE-0-2020-9452)

Vulnerability from cvelistv5 – Published: 2021-05-25 11:21 – Updated: 2024-08-04 10:26

Summary

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://www.acronis.com	x_refsource_MISC
https://danishcyberdefence.dk/blog	x_refsource_MISC
https://madsjoensen.dk/cve-2020-9452/	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.acronis.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://danishcyberdefence.dk/blog"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://madsjoensen.dk/cve-2020-9452/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-25T11:21:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.acronis.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://danishcyberdefence.dk/blog"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://madsjoensen.dk/cve-2020-9452/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.acronis.com",
              "refsource": "MISC",
              "url": "https://www.acronis.com"
            },
            {
              "name": "https://danishcyberdefence.dk/blog",
              "refsource": "MISC",
              "url": "https://danishcyberdefence.dk/blog"
            },
            {
              "name": "https://madsjoensen.dk/cve-2020-9452/",
              "refsource": "MISC",
              "url": "https://madsjoensen.dk/cve-2020-9452/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9452",
    "datePublished": "2021-05-25T11:21:58.000Z",
    "dateReserved": "2020-02-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:26:16.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-58661

CVE-2020-9452 (GCVE-0-2020-9452)

Tags

Sightings

Nomenclature