Vulnerability Details CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2020-10138
-
cpe:2.3:a:acronis:cyber_backup:*
-
cpe:2.3:a:acronis:cyber_protect:-