CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Published: Feb 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-24113
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
acronis / agent	-	c21.06
acronis / cyber_protect	15	15.x
acronis / cyber_protect	15-update1	15-update1.x
acronis / cyber_protect	15-update2	15-update2.x
acronis / true_image	2021-update_1	2021-update_1.x
acronis / true_image	2021-update_2	2021-update_2.x
acronis / true_image	2021-update_3	2021-update_3.x
acronis / true_image	2021	2021.x
acronis / true_image	2021-update_4	2021-update_4.x
acronis / true_image	2021-update_5	2021-update_5.x

https://security-advisory.acronis.com/advisories/SEC-2881

Vulnerability Database

289,697

CVE-2022-24113