CVE-2020-9450 - OpenCVE

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Acronis	True Image 2020

Configuration 1 [-]

cpe:2.3:a:acronis:true_image_2020:24.5.22510:*:*:*:*:*:*:*

References

Link	Resource
https://danishcyberdefence.dk/blog	Third Party Advisory
https://madsjoensen.dk/cve-2020-9450/	Exploit Third Party Advisory
https://www.acronis.com	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-25T11:08:01

Updated: 2021-05-25T11:08:01

Reserved: 2020-02-28T00:00:00

Link: CVE-2020-9450

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-25T12:15:07.740

Modified: 2021-05-28T17:40:29.193

Link: CVE-2020-9450

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-25T11:08:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.acronis.com"}, {"tags": ["x_refsource_MISC"], "url": "https://danishcyberdefence.dk/blog"}, {"tags": ["x_refsource_MISC"], "url": "https://madsjoensen.dk/cve-2020-9450/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.acronis.com", "refsource": "MISC", "url": "https://www.acronis.com"}, {"name": "https://danishcyberdefence.dk/blog", "refsource": "MISC", "url": "https://danishcyberdefence.dk/blog"}, {"name": "https://madsjoensen.dk/cve-2020-9450/", "refsource": "MISC", "url": "https://madsjoensen.dk/cve-2020-9450/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9450", "datePublished": "2021-05-25T11:08:01", "dateReserved": "2020-02-28T00:00:00", "dateUpdated": "2021-05-25T11:08:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:true_image_2020:24.5.22510:*:*:*:*:*:*:*", "matchCriteriaId": "5098DA80-2939-413C-AC35-A0D3A455CA28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Acronis True Image 2020 versiones 24.5.22510. El archivo anti_ransomware_service.exe expone una API REST que puede ser utilizada por todos, inclusive por usuarios no privilegiados. Esta API es usada para comunicarse desde la GUI hacia el archivo anti_ransomware_service.exe. Esto puede ser explotado para agregar un ejecutable malicioso arbitrario a la lista blanca, o inclusive excluir una unidad completa de ser monitoreada por el archivo anti_ransomware_service.exe"}], "id": "CVE-2020-9450", "lastModified": "2021-05-28T17:40:29.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-25T12:15:07.740", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://danishcyberdefence.dk/blog"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://madsjoensen.dk/cve-2020-9450/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.acronis.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}