PT-2017-2869 · Acronis · Acronis True Image
Will Dormann
Published: 2017-06-15
Updated: 2019-10-09
CVE-2017-3219
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Acronis True Image versions up to and including 2017 Build 8053
Description
The update mechanism downloads updates over HTTP and verifies them only against an MD5 hash provided by the server. Neither the download nor the hash is authenticated, so this could allow an attacker to execute arbitrary code with administrator privileges.
Recommendations
For Acronis True Image versions up to and including 2017 Build 8053, consider disabling the automatic update feature via HTTP until a secure update mechanism is implemented. Restrict access to the update module to minimize the risk of exploitation. Avoid using the MD5 hash for update verification; instead, wait for an update that implements a more secure verification method. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
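The weakness described above, modelled as an added example (not Acronis code and not part of the original advisory): a hash delivered over the same unauthenticated channel as the update detects corruption but not substitution, while a check anchored in a public key already present in the client does. The `Update` type, the function names and the choice of Ed25519 as the "more secure verification method" are assumptions for illustration; the payloads are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"fmt"
)

// Update models what arrives over plain HTTP; every field can change in transit.
type Update struct {
	Payload []byte
	MD5     [16]byte // hash advertised by the server, same channel as the payload
	Sig     []byte   // detached signature over Payload (assumed hardened design)
}

// md5OnlyCheck models the flawed check: the payload is compared to a
// hash that came from the same unauthenticated source.
func md5OnlyCheck(u Update) bool { return md5.Sum(u.Payload) == u.MD5 }

// signedCheck verifies the payload against a key pinned in the installed client.
func signedCheck(pinned ed25519.PublicKey, u Update) bool {
	return len(u.Sig) == ed25519.SignatureSize && ed25519.Verify(pinned, u.Payload, u.Sig)
}

// publish builds a genuine update as the vendor's release process would.
func publish(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{payload, md5.Sum(payload), ed25519.Sign(priv, payload)}
}

// modifyInTransit models a change on the network path: payload and hash are
// both replaced, but the signature cannot be recomputed without the private key.
func modifyInTransit(u Update, payload []byte) Update {
	return Update{payload, md5.Sum(payload), u.Sig}
}

// demo reports each check's verdict for a genuine and a modified update.
func demo() (md5Good, md5Bad, sigGood, sigBad bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	good := publish(priv, []byte("constructed sample: genuine update"))
	bad := modifyInTransit(good, []byte("constructed sample: modified update"))
	return md5OnlyCheck(good), md5OnlyCheck(bad), signedCheck(pub, good), signedCheck(pub, bad)
}

func main() {
	a, b, c, d := demo()
	fmt.Println("md5:", a, b, "signature:", c, d)
}
```

The MD5-only check accepts both the genuine and the modified update, while the pinned-key check accepts only the genuine one.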
Insufficient Verification of Data Authenticity
Missing Encryption of Sensitive Data
Related Identifiers
Affected Products
Acronis True Image