CVE-2022-45451 - OpenCVE

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Acronis	Agent Cyber Protect Cyber Protect Home Office

Configuration 1 [-]

OR	cpe:2.3:a:acronis:agent::::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:-::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update1::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update2::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update3::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update4::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update5::::windows::*
	cpe:2.3:a:acronis:cyber_protect_home_office::::::windows::*

No data.

References

Link	Providers
https://security-advisory.acronis.com/SEC-5487
https://security-advisory.acronis.com/advisories/SEC-4858

History

No history.

MITRE

Status: PUBLISHED

Assigner: Acronis

Published: 2023-08-31T14:43:49.464Z

Updated: 2024-08-03T14:17:00.914Z

Reserved: 2022-11-16T16:45:58.650Z

Link: CVE-2022-45451

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-31T15:15:08.213

Modified: 2023-09-06T15:52:55.787

Link: CVE-2022-45451

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45451", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2022-11-16T16:45:58.650Z", "datePublished": "2023-08-31T14:43:49.464Z", "dateUpdated": "2024-08-03T14:17:00.914Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2023-08-31T14:43:49.464Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect Home Office", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "40173", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Agent", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "30600", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Cyber Protect 15", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "30984", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory"]}, {"name": "SEC-5487", "url": "https://security-advisory.acronis.com/SEC-5487", "tags": ["related"]}], "credits": [{"lang": "en", "value": "@alfarom256 (https://hackerone.com/alfarom256)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:00.914Z"}, "title": "CVE Program Container", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory", "x_transferred"]}, {"name": "SEC-5487", "url": "https://security-advisory.acronis.com/SEC-5487", "tags": ["related", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "56BAA7EE-BE79-4F61-9374-8308F20E864F", "versionEndExcluding": "c22.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:windows:*:*", "matchCriteriaId": "16169F2D-5853-4A75-870A-9536EBC82091", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:windows:*:*", "matchCriteriaId": "82874E4D-44DB-4FBD-8716-2B559CB3AE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:windows:*:*", "matchCriteriaId": "ED7537E4-682D-48F0-9113-13C92966D6C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:windows:*:*", "matchCriteriaId": "88A49174-1222-444E-8127-CDA891C8847E", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:windows:*:*", "matchCriteriaId": "86C6881F-7F06-42E8-B80B-3BC52FF4829C", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:windows:*:*", "matchCriteriaId": "8DE5F9FA-94F6-4AD4-BF5F-6BB8B22673D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:windows:*:*", "matchCriteriaId": "242EAE22-310A-4A7B-9421-21719C7E9310", "versionEndExcluding": "40173", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."}], "id": "CVE-2022-45451", "lastModified": "2023-09-06T15:52:55.787", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@acronis.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-31T15:15:08.213", "references": [{"source": "security@acronis.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/SEC-5487"}, {"source": "security@acronis.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-4858"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@acronis.com", "type": "Secondary"}]}