RSS   Podatności dla 'True image'   RSS

2020-10-21
 
CVE-2020-10140

CWE-732
 

 
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.

 
 
CVE-2020-10139

CWE-269
 

 
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

 
2017-06-21
 
CVE-2017-3219

CWE-345
 

 
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.

 
2008-03-10
 
CVE-2008-1280

CWE-20
 

 
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.

 
 
CVE-2008-1279

CWE-20
 

 
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.

 

 >>> Vendor: Acronis 6 Produkty
True image
True image windows agent
Snap deploy
True image echo server
Cyber backup
Cyber protect


Copyright 2020, cxsecurity.com

 

Back to Top