PT-2022-16473 · Acronis · Acronis Cyber Protect Home Office+4

Penrose

Published

2022-02-02

Updated

2022-02-11

CVE-2022-24113

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect 15 (Windows) versions before build 28035 Acronis Agent (Windows) versions before build 27147 Acronis Cyber Protect Home Office (Windows) versions before build 39612 Acronis True Image 2021 (Windows) versions before build 39287

Description The issue is related to local privilege escalation due to excessive permissions assigned to child processes.

Recommendations For Acronis Cyber Protect 15 (Windows) versions before build 28035, update to build 28035 or later. For Acronis Agent (Windows) versions before build 27147, update to build 27147 or later. For Acronis Cyber Protect Home Office (Windows) versions before build 39612, update to build 39612 or later. For Acronis True Image 2021 (Windows) versions before build 39287, update to build 39287 or later.

Fix

LPE

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-250

Related Identifiers

CVE-2022-24113

Affected Products

Acronis

Acronis Agent

Acronis Cyber Protect 15

Acronis Cyber Protect Home Office

Acronis True Image 2021

PT-2022-16473 · Acronis · Acronis Cyber Protect Home Office+4

CVE-2022-24113

Weakness Enumeration

Related Identifiers

Affected Products

References · 4