← Back

CVE-2022-3405

nvd nist
Published: May 3, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Affected (19)

Acronis
2 products
Cyber Backup
Cyber Protect
Configuration A
19 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Acronis
Cyber Backup
Version 12.5
Cyber Backup
Version 12.5 10130
Cyber Backup
Version 12.5 10330
Cyber Backup
Version 12.5 11010
Cyber Backup
Version 12.5 13160
Cyber Backup
Version 12.5 13400
Cyber Backup
Version 12.5 14280
Cyber Backup
Version 12.5 14330
Cyber Backup
Version 12.5 16180
Cyber Backup
Version 12.5 16318
Cyber Backup
Version 12.5 16327
Cyber Backup
Version 12.5 7641
Cyber Backup
Version 12.5 7970
Cyber Backup
Version 12.5 8850
Cyber Backup
Version 12.5 9010
Acronis
Cyber Protect
Version 15
Cyber Protect
Version 15 update1
Cyber Protect
Version 15 update2
Cyber Protect
Version 15 update3
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: security@acronis.com
ExploitThird Party Advisory
Source: security@acronis.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.