N/A

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

访问控制不恰当

Acronis Cyber Backup 访问控制错误漏洞

Acronis Cyber Backup是新加坡安克诺斯（Acronis）的一款数据备份产品。可以对虚拟机和主机进行备份，支持windows、linux的备份,使用AcronisInstantRestore提供极快的恢复性能，并且支持灵活的存储方案，极大保障企业的数据安全。 Acronis Cyber Backup 12.5版本和Cyber Protect 15版本存在访问控制错误漏洞，该漏洞源于包含一个OpenSSL组件，该组件指定OPENSSLDIR变量作为C:jenkins_agent中的子目录。A

N/A

N/A