CVE-2022-3405

Description

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

CVSS breakdown

CVSS 3.0

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

Acronis / Acronis Cyber Backup 12.5unspecified – 16545
Acronis / Acronis Cyber Protect 15unspecified – 29486

References

VENDOR_ADVISORYhttps://security-advisory.acronis.com/advisories/SEC-4092
VENDOR_ADVISORYhttps://herolab.usd.de/security-advisories/usd-2022-0008/