CVE-2022-24113
Last modified
CVE-2022-24113 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Acronis | Agent | < c21.06 |
| Acronis | Cyber Protect | 15 |
| Acronis | Cyber Protect Home Office | All versions |
| Acronis | True Image | 2021 |
References
- https://security-advisory.acronis.com/advisories/SEC-2881Vendor Advisory
- https://security-advisory.acronis.com/advisories/SEC-2881Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-24113?
How severe is CVE-2022-24113?
How do I fix CVE-2022-24113?
Are you affected by CVE-2022-24113?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST