Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
Weakness
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| True_image | Acronis | 2021 (including) | 2021 (including) |
| True_image | Acronis | 2021-update_1 (including) | 2021-update_1 (including) |
| True_image | Acronis | 2021-update_2 (including) | 2021-update_2 (including) |
| True_image | Acronis | 2021-update_3 (including) | 2021-update_3 (including) |