Vulnerabilities > CVE-2022-3405 - Unspecified vulnerability in Acronis Cyber Backup and Cyber Protect

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

acronis

NVD

Published: 2023-05-03

Updated: 2023-05-09

Summary

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Vulnerable Configurations

Part	Description	Count
Application	Acronis Acronis Cyber Backup 12.5 Acronis Cyber Protect 15	19
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://security-advisory.acronis.com/advisories/SEC-4092
https://herolab.usd.de/security-advisories/usd-2022-0008/