OpenCVE

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Acronis	Agent Cyber Protect Cyber Protect Home Office

Configuration 1 [-]

OR	cpe:2.3:a:acronis:agent::::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:-::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update1::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update2::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update3::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update4::::windows::*
	cpe:2.3:a:acronis:cyber_protect:15:update5::::windows::*
	cpe:2.3:a:acronis:cyber_protect_home_office::::::windows::*

No data.

References

Link	Providers
https://security-advisory.acronis.com/SEC-5487
https://security-advisory.acronis.com/advisories/SEC-4858

History

Tue, 01 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Acronis

Published: 2023-08-31T14:43:49.464Z

Updated: 2024-10-01T17:50:36.690Z

Reserved: 2022-11-16T16:45:58.650Z

Link: CVE-2022-45451

Vulnrichment

Updated: 2024-08-03T14:17:00.914Z

NVD

Status : Modified

Published: 2023-08-31T15:15:08.213

Modified: 2024-11-21T07:29:16.817

Link: CVE-2022-45451

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45451", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "state": "PUBLISHED", "assignerShortName": "Acronis", "dateReserved": "2022-11-16T16:45:58.650Z", "datePublished": "2023-08-31T14:43:49.464Z", "dateUpdated": "2024-10-01T17:50:36.690Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2023-08-31T14:43:49.464Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269", "type": "CWE"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect Home Office", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "40173", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Agent", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "30600", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Cyber Protect 15", "platforms": ["Windows"], "versions": [{"version": "unspecified", "status": "affected", "lessThan": "30984", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory"]}, {"name": "SEC-5487", "url": "https://security-advisory.acronis.com/SEC-5487", "tags": ["related"]}], "credits": [{"lang": "en", "value": "@alfarom256 (https://hackerone.com/alfarom256)", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:00.914Z"}, "title": "CVE Program Container", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory", "x_transferred"]}, {"name": "SEC-5487", "url": "https://security-advisory.acronis.com/SEC-5487", "tags": ["related", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-01T17:50:00.443727Z", "id": "CVE-2022-45451", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T17:50:36.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security-advisory.acronis.com/SEC-5487", "name": "SEC-5487", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:00.914Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-45451", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-01T17:50:00.443727Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T17:50:32.999Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "@alfarom256 (https://hackerone.com/alfarom256)"}], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Acronis", "product": "Acronis Cyber Protect Home Office", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "40173", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Agent", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "30600", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis Cyber Protect 15", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "30984", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-4858", "name": "SEC-4858", "tags": ["vendor-advisory"]}, {"url": "https://security-advisory.acronis.com/SEC-5487", "name": "SEC-5487", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269"}]}], "providerMetadata": {"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "shortName": "Acronis", "dateUpdated": "2023-08-31T14:43:49.464Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45451", "state": "PUBLISHED", "dateUpdated": "2024-10-01T17:50:36.690Z", "dateReserved": "2022-11-16T16:45:58.650Z", "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175", "datePublished": "2023-08-31T14:43:49.464Z", "assignerShortName": "Acronis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "56BAA7EE-BE79-4F61-9374-8308F20E864F", "versionEndExcluding": "c22.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:windows:*:*", "matchCriteriaId": "16169F2D-5853-4A75-870A-9536EBC82091", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:windows:*:*", "matchCriteriaId": "82874E4D-44DB-4FBD-8716-2B559CB3AE27", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:windows:*:*", "matchCriteriaId": "ED7537E4-682D-48F0-9113-13C92966D6C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:windows:*:*", "matchCriteriaId": "88A49174-1222-444E-8127-CDA891C8847E", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:windows:*:*", "matchCriteriaId": "86C6881F-7F06-42E8-B80B-3BC52FF4829C", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:windows:*:*", "matchCriteriaId": "8DE5F9FA-94F6-4AD4-BF5F-6BB8B22673D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:windows:*:*", "matchCriteriaId": "242EAE22-310A-4A7B-9421-21719C7E9310", "versionEndExcluding": "40173", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."}], "id": "CVE-2022-45451", "lastModified": "2024-11-21T07:29:16.817", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@acronis.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-31T15:15:08.213", "references": [{"source": "security@acronis.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/SEC-5487"}, {"source": "security@acronis.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-4858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/SEC-5487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://security-advisory.acronis.com/advisories/SEC-4858"}], "sourceIdentifier": "security@acronis.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@acronis.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}