How severe is CVE-2020-9452?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-9452?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-9452 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

Related Vulnerabilities

CVE-2003-0578

HIGH

CVSS:7.8(High)

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

CWE-592003

CVE-2008-7273

HIGH

CVSS:7.8(High)

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.

CWE-592008

CVE-2011-3618

HIGH

CVSS:7.8(High)

atop: symlink attack possible due to insecure tempfile handling

CWE-592011

CVE-2012-1093

HIGH

CVSS:7.8(High)

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

CWE-592012

CVE-2013-4364

HIGH

CVSS:7.8(High)

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attac...

CWE-592013

CVE-2014-3219

HIGH

CVSS:7.8(High)

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

CWE-592014