Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Published

2022-02-04T23:15:15.997

Last Modified

2024-11-21T06:49:49.933

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-250
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acronis	agent	< c21.06	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect	15	Yes
Application	acronis	cyber_protect_home_office	-	Yes
Operating System	microsoft	windows	-	No
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes
Application	acronis	true_image	2021	Yes

References

https://security-advisory.acronis.com/advisories/SEC-2881 Vendor Advisory ([email protected])
https://security-advisory.acronis.com/advisories/SEC-2881 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)