
CVE-2020-10138

2020-10-21 13:40:18
CWE-284
certcc
www.cve.org
acronis
cyber protect
openssl
vulnerability
arbitrary code execution

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 10.4%

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

CNA Affected

[
  {
    "product": "Cyber Backup",
    "vendor": "Acronis",
    "versions": [
      {
        "lessThan": "16363",
        "status": "affected",
        "version": "12.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Cyber Protect",
    "vendor": "Acronis",
    "versions": [
      {
        "lessThan": "24600",
        "status": "affected",
        "version": "15",
        "versionType": "custom"
      }
    ]
  }
]
