3 matches found
CVE-2020-9452
An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine...
CVE-2020-9450
Affected product: Acronis True Image 2020 (build 24.5.22510). The issue lies in anti_ransomware_service.exe, whose REST API is exposed for GUI communication and is accessible to unprivileged users. This allows adding arbitrary executables to the whitelist or excluding an entire drive from monitor...
Acronis: anti_ransomware_service.exe REST API does not require authentication
antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the Acronis True Image 2020 GUI to the antiransomwareservice.exe. This can be exploited to add an arbitary malicious executable to the whitelist or even exclude...