HIGH 7.8 Publié le 2020-10-21

CVE-2020-10140

EN Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.

CVSS v3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Apps suivies affectées

Acronis Mobile

com.acronis.trueImage

1 ouverte

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
acronis	true_image	iOS	—	cpe:2.3:a:acronis:true_image:2021:::::::*

Voir sur NVD ↗