Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Agent | Acronis | * | c23.02 (excluding) |
| Cyber_protect | Acronis | 15 (including) | 15 (including) |
| Cyber_protect | Acronis | 15-update1 (including) | 15-update1 (including) |
| Cyber_protect | Acronis | 15-update2 (including) | 15-update2 (including) |
| Cyber_protect | Acronis | 15-update3 (including) | 15-update3 (including) |
| Cyber_protect | Acronis | 15-update4 (including) | 15-update4 (including) |
| Cyber_protect | Acronis | 15-update5 (including) | 15-update5 (including) |
| Cyber_protect_home_office | Acronis | - (including) | - (including) |
| Cyber_protect_home_office | Acronis | 39900 (including) | 39900 (including) |
| Cyber_protect_home_office | Acronis | 40107 (including) | 40107 (including) |
| Cyber_protect_home_office | Acronis | 40173 (including) | 40173 (including) |
| Cyber_protect_home_office | Acronis | 40208 (including) | 40208 (including) |