Search

Find a vulnerability

Search criteria

    44 vulnerabilities found for Acronis Cyber Protect Home Office by Acronis

    CVE-2023-48677 (GCVE-0-2023-48677)

    Vulnerability from nvd – Published: 2023-12-12 08:33 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
    CWE
    Assigner
    References
    Impacted products
    Credits
    @veath (https://hackerone.com/veath)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5620",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5620"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40901",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39378",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39938",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@veath (https://hackerone.com/veath)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:52.612Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5620",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5620"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-48677",
        "datePublished": "2023-12-12T08:33:17.191Z",
        "dateReserved": "2023-11-17T14:33:30.399Z",
        "dateUpdated": "2026-04-10T13:15:52.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-44208 (GCVE-0-2023-44208)

    Vulnerability from nvd – Published: 2023-10-04 11:47 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40713 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40713 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:59:51.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6587"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40713",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T19:08:50.627046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T13:51:04.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40713",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:07.120Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6587"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-44208",
        "datePublished": "2023-10-04T11:47:43.666Z",
        "dateReserved": "2023-09-26T20:08:46.834Z",
        "dateUpdated": "2026-04-10T13:16:07.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5042 (GCVE-0-2023-5042)

    Vulnerability from nvd – Published: 2023-09-20 11:03 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40713 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:12:39.963610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:12:51.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40713",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:14.654Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-5042",
        "datePublished": "2023-09-20T11:03:34.796Z",
        "dateReserved": "2023-09-18T12:18:29.150Z",
        "dateUpdated": "2026-04-10T13:15:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46869 (GCVE-0-2022-46869)

    Vulnerability from nvd – Published: 2023-08-31 19:16 – Updated: 2026-04-10 13:14
    VLAI
    Summary
    Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40278 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40278 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @imag0r (https://hackerone.com/imag0r)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3835",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40278",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T16:54:45.619057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T16:55:33.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40278",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@imag0r (https://hackerone.com/imag0r)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:14:46.827Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3835",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3835"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-46869",
        "datePublished": "2023-08-31T19:16:47.094Z",
        "dateReserved": "2022-12-09T12:49:13.415Z",
        "dateUpdated": "2026-04-10T13:14:46.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-41743 (GCVE-0-2023-41743)

    Vulnerability from nvd – Published: 2023-08-31 15:04 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40278 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 31637 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 35979 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect Affected: 0 , < 35979 (semver)
        cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40278 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    acronis agent Affected: 0 , < 31637 (semver)
        cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @alfarom256 (https://hackerone.com/alfarom256)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:47.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5487",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
              },
              {
                "name": "SEC-4858",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/SEC-4858"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "35979",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40278",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "31637",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:29:00.348301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:32:05.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40278",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "31637",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35979",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@alfarom256 (https://hackerone.com/alfarom256)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:35.617Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5487",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
            },
            {
              "name": "SEC-4858",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-4858"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-41743",
        "datePublished": "2023-08-31T15:04:10.802Z",
        "dateReserved": "2023-08-31T14:10:27.638Z",
        "dateUpdated": "2026-04-10T13:15:35.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46868 (GCVE-0-2022-46868)

    Vulnerability from nvd – Published: 2023-08-31 14:52 – Updated: 2024-10-01 17:48
    VLAI
    Summary
    Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40173 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40173 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @z3ron3 (https://hackerone.com/z3ron3)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-2499",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-2499"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40173",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:47:10.974876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:48:38.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40173",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@z3ron3 (https://hackerone.com/z3ron3)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T14:52:05.561Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2499",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2499"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-46868",
        "datePublished": "2023-08-31T14:52:05.561Z",
        "dateReserved": "2022-12-09T12:49:13.415Z",
        "dateUpdated": "2024-10-01T17:48:38.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45451 (GCVE-0-2022-45451)

    Vulnerability from nvd – Published: 2023-08-31 14:43 – Updated: 2024-10-01 17:50
    VLAI
    Summary
    Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40173 (semver)
    Create a notification for this product.
    Acronis Acronis Agent Affected: unspecified , < 30600 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 30984 (semver)
    Create a notification for this product.
    Credits
    @alfarom256 (https://hackerone.com/alfarom256)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:00.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4858",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4858"
              },
              {
                "name": "SEC-5487",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/SEC-5487"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:50:00.443727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:50:36.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40173",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30600",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30984",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@alfarom256 (https://hackerone.com/alfarom256)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T14:43:49.464Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4858",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4858"
            },
            {
              "name": "SEC-5487",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-5487"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-45451",
        "datePublished": "2023-08-31T14:43:49.464Z",
        "dateReserved": "2022-11-16T16:45:58.650Z",
        "dateUpdated": "2024-10-01T17:50:36.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4418 (GCVE-0-2022-4418)

    Vulnerability from nvd – Published: 2023-05-18 09:56 – Updated: 2025-01-22 16:18
    VLAI
    Summary
    Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40208 (semver)
    Create a notification for this product.
    Credits
    @vkas-afk (https://hackerone.com/vkas-afk)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:44.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4729",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4729"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T16:18:18.280354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-22T16:18:21.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@vkas-afk (https://hackerone.com/vkas-afk)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T21:36:37.401Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4729",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4729"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-4418",
        "datePublished": "2023-05-18T09:56:07.275Z",
        "dateReserved": "2022-12-12T09:52:35.246Z",
        "dateUpdated": "2025-01-22T16:18:21.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45455 (GCVE-0-2022-45455)

    Vulnerability from nvd – Published: 2023-02-13 09:27 – Updated: 2025-03-21 14:48
    VLAI
    Summary
    Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40107 (semver)
    Create a notification for this product.
    Acronis Acronis Agent Affected: unspecified , < 30025 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 30984 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:00.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4459",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4459"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:48:18.814295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:48:25.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30025",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30984",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-459",
                  "description": "CWE-459",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-13T09:32:54.093Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4459",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4459"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-45455",
        "datePublished": "2023-02-13T09:27:01.356Z",
        "dateReserved": "2022-11-16T16:45:58.651Z",
        "dateUpdated": "2025-03-21T14:48:25.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44747 (GCVE-0-2022-44747)

    Vulnerability from nvd – Published: 2022-11-07 19:00 – Updated: 2025-05-01 17:33
    VLAI
    Summary
    Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4540"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:29:50.619961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:33:54.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:37.931Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4540"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44747",
        "datePublished": "2022-11-07T19:00:37.931Z",
        "dateReserved": "2022-11-04T17:26:52.917Z",
        "dateUpdated": "2025-05-01T17:33:54.502Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44746 (GCVE-0-2022-44746)

    Vulnerability from nvd – Published: 2022-11-07 19:01 – Updated: 2025-04-30 14:07
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4398",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4398"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T14:07:08.020446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T14:07:24.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:01:04.527Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4398",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4398"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44746",
        "datePublished": "2022-11-07T19:01:04.527Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-04-30T14:07:24.204Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44745 (GCVE-0-2022-44745)

    Vulnerability from nvd – Published: 2022-11-07 19:00 – Updated: 2025-05-01 14:52
    VLAI
    Summary
    Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3481",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3481"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T14:52:32.278477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T14:52:47.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:59.626Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3481",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3481"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44745",
        "datePublished": "2022-11-07T19:00:59.626Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-05-01T14:52:47.400Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44744 (GCVE-0-2022-44744)

    Vulnerability from nvd – Published: 2022-11-07 19:00 – Updated: 2025-04-30 19:15
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-2718",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-2718"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T19:12:28.367253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T19:15:08.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:53.561Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2718",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2718"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44744",
        "datePublished": "2022-11-07T19:00:53.561Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-04-30T19:15:08.673Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44733 (GCVE-0-2022-44733)

    Vulnerability from nvd – Published: 2022-11-07 18:55 – Updated: 2025-05-01 17:33
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 39900 (semver)
    Create a notification for this product.
    Credits
    @netero1010 (https://hackerone.com/netero1010)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3968",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3968"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:31:19.520561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:33:22.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39900",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@netero1010 (https://hackerone.com/netero1010)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T18:56:06.293Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3968",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3968"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44733",
        "datePublished": "2022-11-07T18:55:00.740Z",
        "dateReserved": "2022-11-04T16:05:07.116Z",
        "dateUpdated": "2025-05-01T17:33:22.808Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44732 (GCVE-0-2022-44732)

    Vulnerability from nvd – Published: 2022-11-07 18:46 – Updated: 2025-05-01 17:32
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 39900 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3040"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:32:45.598570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:32:58.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39900",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T18:56:14.082Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3040"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44732",
        "datePublished": "2022-11-07T18:46:44.444Z",
        "dateReserved": "2022-11-04T16:05:07.116Z",
        "dateUpdated": "2025-05-01T17:32:58.362Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48677 (GCVE-0-2023-48677)

    Vulnerability from cvelistv5 – Published: 2023-12-12 08:33 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
    CWE
    Assigner
    References
    Impacted products
    Credits
    @veath (https://hackerone.com/veath)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5620",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5620"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40901",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39378",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 16",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39938",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@veath (https://hackerone.com/veath)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:52.612Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5620",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5620"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-48677",
        "datePublished": "2023-12-12T08:33:17.191Z",
        "dateReserved": "2023-11-17T14:33:30.399Z",
        "dateUpdated": "2026-04-10T13:15:52.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-44208 (GCVE-0-2023-44208)

    Vulnerability from cvelistv5 – Published: 2023-10-04 11:47 – Updated: 2026-04-10 13:16
    VLAI
    Summary
    Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40713 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40713 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:59:51.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-6587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-6587"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40713",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T19:08:50.627046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T13:51:04.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40713",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:16:07.120Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-6587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-6587"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-44208",
        "datePublished": "2023-10-04T11:47:43.666Z",
        "dateReserved": "2023-09-26T20:08:46.834Z",
        "dateUpdated": "2026-04-10T13:16:07.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-5042 (GCVE-0-2023-5042)

    Vulnerability from cvelistv5 – Published: 2023-09-20 11:03 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40713 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:12:39.963610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:12:51.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40713",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:14.654Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5330"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-5042",
        "datePublished": "2023-09-20T11:03:34.796Z",
        "dateReserved": "2023-09-18T12:18:29.150Z",
        "dateUpdated": "2026-04-10T13:15:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46869 (GCVE-0-2022-46869)

    Vulnerability from cvelistv5 – Published: 2023-08-31 19:16 – Updated: 2026-04-10 13:14
    VLAI
    Summary
    Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40278 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40278 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @imag0r (https://hackerone.com/imag0r)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3835",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3835"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40278",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T16:54:45.619057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T16:55:33.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40278",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@imag0r (https://hackerone.com/imag0r)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:14:46.827Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3835",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3835"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-46869",
        "datePublished": "2023-08-31T19:16:47.094Z",
        "dateReserved": "2022-12-09T12:49:13.415Z",
        "dateUpdated": "2026-04-10T13:14:46.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-41743 (GCVE-0-2023-41743)

    Vulnerability from cvelistv5 – Published: 2023-08-31 15:04 – Updated: 2026-04-10 13:15
    VLAI
    Summary
    Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40278 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 31637 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 35979 (semver)
    Create a notification for this product.
    Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
    Create a notification for this product.
    acronis cyber_protect Affected: 0 , < 35979 (semver)
        cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40278 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    acronis agent Affected: 0 , < 31637 (semver)
        cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @alfarom256 (https://hackerone.com/alfarom256)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:47.982Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-5487",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
              },
              {
                "name": "SEC-4858",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/SEC-4858"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "35979",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40278",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "agent",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "31637",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:29:00.348301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:32:05.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40278",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Cloud Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "31637",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "35979",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis True Image OEM",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "42575",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@alfarom256 (https://hackerone.com/alfarom256)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T13:15:35.617Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-5487",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
            },
            {
              "name": "SEC-4858",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-4858"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2023-41743",
        "datePublished": "2023-08-31T15:04:10.802Z",
        "dateReserved": "2023-08-31T14:10:27.638Z",
        "dateUpdated": "2026-04-10T13:15:35.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46868 (GCVE-0-2022-46868)

    Vulnerability from cvelistv5 – Published: 2023-08-31 14:52 – Updated: 2024-10-01 17:48
    VLAI
    Summary
    Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40173 (semver)
    Create a notification for this product.
    acronis cyber_protect_home_office Affected: 0 , < 40173 (semver)
        cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    @z3ron3 (https://hackerone.com/z3ron3)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:39:38.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-2499",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-2499"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cyber_protect_home_office",
                "vendor": "acronis",
                "versions": [
                  {
                    "lessThan": "40173",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:47:10.974876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:48:38.944Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40173",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@z3ron3 (https://hackerone.com/z3ron3)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T14:52:05.561Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2499",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2499"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-46868",
        "datePublished": "2023-08-31T14:52:05.561Z",
        "dateReserved": "2022-12-09T12:49:13.415Z",
        "dateUpdated": "2024-10-01T17:48:38.944Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45451 (GCVE-0-2022-45451)

    Vulnerability from cvelistv5 – Published: 2023-08-31 14:43 – Updated: 2024-10-01 17:50
    VLAI
    Summary
    Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40173 (semver)
    Create a notification for this product.
    Acronis Acronis Agent Affected: unspecified , < 30600 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 30984 (semver)
    Create a notification for this product.
    Credits
    @alfarom256 (https://hackerone.com/alfarom256)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:00.914Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4858",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4858"
              },
              {
                "name": "SEC-5487",
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/SEC-5487"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T17:50:00.443727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T17:50:36.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40173",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30600",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30984",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@alfarom256 (https://hackerone.com/alfarom256)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T14:43:49.464Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4858",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4858"
            },
            {
              "name": "SEC-5487",
              "tags": [
                "related"
              ],
              "url": "https://security-advisory.acronis.com/SEC-5487"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-45451",
        "datePublished": "2023-08-31T14:43:49.464Z",
        "dateReserved": "2022-11-16T16:45:58.650Z",
        "dateUpdated": "2024-10-01T17:50:36.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4418 (GCVE-0-2022-4418)

    Vulnerability from cvelistv5 – Published: 2023-05-18 09:56 – Updated: 2025-01-22 16:18
    VLAI
    Summary
    Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40208 (semver)
    Create a notification for this product.
    Credits
    @vkas-afk (https://hackerone.com/vkas-afk)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:44.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4729",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4729"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-22T16:18:18.280354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-22T16:18:21.864Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@vkas-afk (https://hackerone.com/vkas-afk)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T21:36:37.401Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4729",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4729"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-4418",
        "datePublished": "2023-05-18T09:56:07.275Z",
        "dateReserved": "2022-12-12T09:52:35.246Z",
        "dateUpdated": "2025-01-22T16:18:21.864Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45455 (GCVE-0-2022-45455)

    Vulnerability from cvelistv5 – Published: 2023-02-13 09:27 – Updated: 2025-03-21 14:48
    VLAI
    Summary
    Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40107 (semver)
    Create a notification for this product.
    Acronis Acronis Agent Affected: unspecified , < 30025 (semver)
    Create a notification for this product.
    Acronis Acronis Cyber Protect 15 Affected: unspecified , < 30984 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:00.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4459",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4459"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T14:48:18.814295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T14:48:25.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Agent",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30025",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect 15",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "30984",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-459",
                  "description": "CWE-459",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-13T09:32:54.093Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4459",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4459"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-45455",
        "datePublished": "2023-02-13T09:27:01.356Z",
        "dateReserved": "2022-11-16T16:45:58.651Z",
        "dateUpdated": "2025-03-21T14:48:25.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44746 (GCVE-0-2022-44746)

    Vulnerability from cvelistv5 – Published: 2022-11-07 19:01 – Updated: 2025-04-30 14:07
    VLAI
    Summary
    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Credits
    @tkoyeung (https://hackerone.com/tkoyeung)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4398",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4398"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T14:07:08.020446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T14:07:24.204Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@tkoyeung (https://hackerone.com/tkoyeung)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:01:04.527Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4398",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4398"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44746",
        "datePublished": "2022-11-07T19:01:04.527Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-04-30T14:07:24.204Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44745 (GCVE-0-2022-44745)

    Vulnerability from cvelistv5 – Published: 2022-11-07 19:00 – Updated: 2025-05-01 14:52
    VLAI
    Summary
    Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3481",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3481"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T14:52:32.278477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T14:52:47.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:59.626Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3481",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3481"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44745",
        "datePublished": "2022-11-07T19:00:59.626Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-05-01T14:52:47.400Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44744 (GCVE-0-2022-44744)

    Vulnerability from cvelistv5 – Published: 2022-11-07 19:00 – Updated: 2025-04-30 19:15
    VLAI
    Summary
    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-2718",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-2718"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T19:12:28.367253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T19:15:08.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:53.561Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-2718",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-2718"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44744",
        "datePublished": "2022-11-07T19:00:53.561Z",
        "dateReserved": "2022-11-04T17:26:52.916Z",
        "dateUpdated": "2025-04-30T19:15:08.673Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44747 (GCVE-0-2022-44747)

    Vulnerability from cvelistv5 – Published: 2022-11-07 19:00 – Updated: 2025-05-01 17:33
    VLAI
    Summary
    Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 40107 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-4540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-4540"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44747",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:29:50.619961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:33:54.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "40107",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.2,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-610",
                  "description": "CWE-610",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T19:00:37.931Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-4540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-4540"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44747",
        "datePublished": "2022-11-07T19:00:37.931Z",
        "dateReserved": "2022-11-04T17:26:52.917Z",
        "dateUpdated": "2025-05-01T17:33:54.502Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44733 (GCVE-0-2022-44733)

    Vulnerability from cvelistv5 – Published: 2022-11-07 18:55 – Updated: 2025-05-01 17:33
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 39900 (semver)
    Create a notification for this product.
    Credits
    @netero1010 (https://hackerone.com/netero1010)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3968",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3968"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44733",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:31:19.520561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:33:22.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39900",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "@netero1010 (https://hackerone.com/netero1010)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T18:56:06.293Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3968",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3968"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44733",
        "datePublished": "2022-11-07T18:55:00.740Z",
        "dateReserved": "2022-11-04T16:05:07.116Z",
        "dateUpdated": "2025-05-01T17:33:22.808Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44732 (GCVE-0-2022-44732)

    Vulnerability from cvelistv5 – Published: 2022-11-07 18:46 – Updated: 2025-05-01 17:32
    VLAI
    Summary
    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Acronis Acronis Cyber Protect Home Office Affected: 0 , < 39900 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:31.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SEC-3040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security-advisory.acronis.com/advisories/SEC-3040"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T17:32:45.598570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T17:32:58.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Acronis Cyber Protect Home Office",
              "vendor": "Acronis",
              "versions": [
                {
                  "lessThan": "39900",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-07T18:56:14.082Z",
            "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
            "shortName": "Acronis"
          },
          "references": [
            {
              "name": "SEC-3040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security-advisory.acronis.com/advisories/SEC-3040"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "assignerShortName": "Acronis",
        "cveId": "CVE-2022-44732",
        "datePublished": "2022-11-07T18:46:44.444Z",
        "dateReserved": "2022-11-04T16:05:07.116Z",
        "dateUpdated": "2025-05-01T17:32:58.362Z",
        "requesterUserId": "269ef961-68ca-4d26-8365-05fbcb13edc5",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }