True Image
by Acronis
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32580 |  |  | 0.00 | — | 0.00 |  | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. |
| CVE-2021-32579 |  |  | 0.00 | — | 0.00 |  | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API. |
| CVE-2020-15495 |  |  | 0.00 | — | 0.00 |  | Jul 15, 2021 | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. |
| CVE-2020-25593 |  |  | 0.00 | — | 0.00 |  | Jul 15, 2021 | Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. |
| CVE-2020-15496 |  |  | 0.00 | — | 0.00 |  | Jul 15, 2021 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. |
| CVE-2020-9452 |  |  | 0.00 | — | 0.00 |  | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions… |
| CVE-2020-9450 |  |  | 0.00 | — | 0.00 |  | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an… |
| CVE-2020-9451 |  |  | 0.00 | — | 0.00 |  | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet… |
| CVE-2020-35145 |  |  | 0.00 | — | 0.01 |  | Jan 29, 2021 | Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. |
| CVE-2020-10140 |  |  | 0.00 | — | 0.00 |  | Oct 21, 2020 | Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of… |
| CVE-2020-10139 |  |  | 0.00 | — | 0.00 |  | Oct 21, 2020 | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories… |
| CVE-2008-1279 |  |  | 0.00 | — | 0.02 |  | Mar 10, 2008 | Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an… |
| CVE-2008-1280 |  |  | 0.00 | — | 0.02 |  | Mar 10, 2008 | Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer… |