CVE-2022-3405

Summary

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Affected Software

VendorProductVersion RangeStatus
AcronisAcronis Cyber Protect 15unspecified < 29486affected
AcronisAcronis Cyber Backup 12.5unspecified < 16545affected

Weaknesses

  • CWE-269: CWE-269

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References