Local privilege escalation due to excessive permissions assigned to child processes
CVE-2022-24113

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 15; Acronis Agent; Acronis Cyber Protect Home Office; Acronis True Image 2021
Vendor: CVE Published:; 4 February 2022

What is CVE-2022-24113?

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Affected Version(s)

Acronis Agent Windows < 27147

Acronis Cyber Protect 15 Windows < 28035

Acronis Cyber Protect Home Office Windows < 39612

References

https://security-advisory.acronis.com/advisories/SEC-2881

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 28, 2022

Credit

@penrose (https://hackerone.com/penrose)