7.8
CVE-2022-24113
- EPSS 0.03%
- Veröffentlicht 04.02.2022 23:15:15
- Zuletzt bearbeitet 21.11.2024 06:49:49
- Quelle security@acronis.com
- Teams Watchlist Login
- Unerledigt Login
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acronis ≫ Cyber Protect Version15 Update-
Acronis ≫ Cyber Protect Version15 Updateupdate1
Acronis ≫ Cyber Protect Version15 Updateupdate2
Acronis ≫ Cyber Protect Home Office Version-
Acronis ≫ True Image Version2021 Update- SwPlatformwindows
Acronis ≫ True Image Version2021 Updateupdate_1 SwPlatformwindows
Acronis ≫ True Image Version2021 Updateupdate_2 SwPlatformwindows
Acronis ≫ True Image Version2021 Updateupdate_3 SwPlatformwindows
Acronis ≫ True Image Version2021 Updateupdate_4 SwPlatformwindows
Acronis ≫ True Image Version2021 Updateupdate_5 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.