Security Vulnerabilities fixed in Acronis Cyber Protect Agent 15.0.00000
Description
Acronis Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\\jenkins_agent\\. Acronis Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
Affected Applications
Acronis Cyber Protect Agent