CVE-2020-10138

Name of the Vulnerable Software and Affected Versions Acronis Cyber Backup versions 12.5 Acronis Cyber Protect version 15

Description The issue concerns an OpenSSL component in Acronis Cyber Backup and Cyber Protect that specifies an OPENSSLDIR variable as a subdirectory within C:jenkins agent. This component is used by a privileged service in these products. Unprivileged Windows users can create subdirectories off of the system root, allowing a user to create a path to a specially-crafted openssl.cnf file. This can lead to arbitrary code execution with SYSTEM privileges.

Recommendations For Acronis Cyber Backup version 12.5, consider disabling the privileged service that uses the OpenSSL component until a patch is available. For Acronis Cyber Protect version 15, restrict access to the subdirectory within C:jenkins agent to minimize the risk of exploitation. Avoid using the OPENSSLDIR variable in the affected OpenSSL component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.