Vulnerability Description
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acronis | Cyber Backup | < 12.5 |
| Acronis | Cyber Protect | < 15 |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/114757Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/114757Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-10138?
CVE-2020-10138 is a vulnerability with a CVSS score of 7.8 (HIGH). Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect con...
How severe is CVE-2020-10138?
CVE-2020-10138 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10138?
Check the references section above for vendor advisories and patch information. Affected products include: Acronis Cyber Backup, Acronis Cyber Protect.