Local Privilege Escalation in Acronis Cyber Protect Home Office
CVE-2022-44733

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office
Vendor: CVE Published:; 7 November 2022

Summary

Acronis Cyber Protect Home Office for Windows prior to build 39900 is susceptible to a local privilege escalation vulnerability stemming from insecure folder permissions. An attacker with local access can exploit this weakness to elevate their privileges, potentially leading to unauthorized access and manipulation of system resources. Organizations using affected versions should apply the necessary updates to mitigate this security risk.

Affected Version(s)

Acronis Cyber Protect Home Office Windows 0 < 39900

References

https://security-advisory.acronis.com/advisories/SEC-3968

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Nov 4, 2022

Credit

@netero1010 (https://hackerone.com/netero1010)