Local Privilege Escalation in Acronis Agent and Acronis Cyber Protect by Acronis
CVE-2022-45452

7.8 HIGH

Key Information:

Vendor: Acronis
CVE Published: 18 May 2023

Summary

This vulnerability involves local privilege escalation caused by insecure folder permissions in Acronis software. Attackers may exploit these permissions to gain unauthorized access and potentially execute malicious code with elevated privileges. Affected versions include Acronis Agent (Windows) prior to build 30430 and Acronis Cyber Protect 15 (Windows) before build 30984.

Affected Version(s)

Acronis Agent Windows < 30430

Acronis Cyber Protect 15 Windows < 30984

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

@netero1010 (https://hackerone.com/netero1010)