CVE-2022-3405 CRITICAL

CVE-2022-3405

Vendor Acronis

Product Acronis Cyber Protect 15

Weakness CWE-269

Published May 3, 2023

Last update February 3, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Key dates

02Disclosure timeline

May 3, 2023 CVE published

February 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3405 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2022-3405

CWE CWE-269

CVSS 9.3 / CRITICAL

Affected versions

Vendor Acronis

Product Acronis Cyber Protect 15

Affected ≥ unspecified and < 29486

Vendor Acronis

Product Acronis Cyber Backup 12.5

Affected ≥ unspecified and < 16545

CVE-2022-3405

01Description

02Disclosure timeline

03References

04Related CVE