fkie_cve-2022-24113
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 06:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
References
security@acronis.comhttps://security-advisory.acronis.com/advisories/SEC-2881Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-advisory.acronis.com/advisories/SEC-2881Vendor Advisory
Impacted products
Vendor Product Version
acronis agent *
acronis cyber_protect 15
acronis cyber_protect 15
acronis cyber_protect 15
acronis cyber_protect_home_office -
microsoft windows -
acronis true_image 2021
acronis true_image 2021
acronis true_image 2021
acronis true_image 2021
acronis true_image 2021
acronis true_image 2021


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D71339-7F19-41DC-B6D2-BF776F472EE1",
              "versionEndExcluding": "c21.06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*",
              "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*",
              "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:-:*:*:*:windows:*:*",
              "matchCriteriaId": "F7B99318-3AA5-428D-B0D7-106128BDCE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:update_1:*:*:*:windows:*:*",
              "matchCriteriaId": "B1CFEB0F-588B-4B88-9169-4ADB6396C1C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:update_2:*:*:*:windows:*:*",
              "matchCriteriaId": "54BE6067-0357-4C68-AA06-CB5EEA3DD86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:update_3:*:*:*:windows:*:*",
              "matchCriteriaId": "02D1EBBC-47EE-4C46-AA69-DD0B7DE1B173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:update_4:*:*:*:windows:*:*",
              "matchCriteriaId": "0CF1A7BF-9B93-4D7C-BCD8-30DEF789B46B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acronis:true_image:2021:update_5:*:*:*:windows:*:*",
              "matchCriteriaId": "B55B6ED7-C602-4C7B-88C5-B0499D61EB1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287"
    },
    {
      "lang": "es",
      "value": "Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos est\u00e1n afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilaci\u00f3n 28035, Acronis Agent (Windows) versiones anteriores a la compilaci\u00f3n 27147, Acronis Cyber Protect Home Office (Windows) versiones anteriores a la compilaci\u00f3n 39612, Acronis True Image 2021 (Windows) versiones anteriores a la compilaci\u00f3n 39287"
    }
  ],
  "id": "CVE-2022-24113",
  "lastModified": "2024-11-21T06:49:49.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-04T23:15:15.997",
  "references": [
    {
      "source": "security@acronis.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-advisory.acronis.com/advisories/SEC-2881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-advisory.acronis.com/advisories/SEC-2881"
    }
  ],
  "sourceIdentifier": "security@acronis.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "security@acronis.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.