Local Privilege Escalation in Acronis Cyber Protect Home Office for Windows
CVE-2022-44732

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office
Vendor: CVE Published:; 7 November 2022

Summary

A vulnerability exists in Acronis Cyber Protect Home Office for Windows due to insecure folder permissions, which may allow an attacker with local access to escalate privileges, potentially leading to unauthorized actions within the system. Users are advised to ensure they update to the latest build to mitigate this risk and protect their sensitive data.

Affected Version(s)

Acronis Cyber Protect Home Office Windows 0 < 39900

References

https://security-advisory.acronis.com/advisories/SEC-3040

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Nov 4, 2022