Vulnerabilities > CVE-2022-45455 - Incomplete Cleanup vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

acronis

CWE-459

NVD

Published: 2023-02-13

Updated: 2023-02-23

Summary

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

Vulnerable Configurations

Part	Description	Count
Application	Acronis Acronis Agent - Acronis Agent C21.03 Acronis Agent C21.06 Acronis Agent C21.07 Acronis Agent C21.09 Acronis Agent C21.10 Acronis Agent C21.12 Acronis Agent C22.02 Acronis Agent C22.03 Acronis Agent C22.05 Acronis Cyber Protect 15 Acronis Cyber Protect Home Office -	16
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

References

https://security-advisory.acronis.com/advisories/SEC-4459