CVE-2022-24113: 
Acronis Cyber Protect vulnerability analysis and mitigation

CVE-2022-24113 is a local privilege escalation vulnerability affecting multiple Acronis products. The vulnerability stems from excessive permissions being assigned to child processes in several Acronis Windows products including Acronis Cyber Protect 15 (before build 28035), Acronis Agent (before build 27147), Acronis Cyber Protect Home Office (before build 39612), and Acronis True Image 2021 (before build 39287) (AttackerKB).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with an impact score of 5.9 and exploitability score of 1.8. The attack vector is Local (AV:L), requiring low privileges (PR:L) with no user interaction (UI:N). The scope is unchanged (S:U), and the vulnerability can potentially impact confidentiality, integrity, and availability, all rated as High (C:H/I:H/A:H) (AttackerKB).

The vulnerability can lead to local privilege escalation, potentially allowing an attacker with low privileges to gain elevated access to the affected system. This could result in complete compromise of system confidentiality, integrity, and availability (AttackerKB).

Users should upgrade to the following versions or later: Acronis Cyber Protect 15 build 28035, Acronis Agent build 27147, Acronis Cyber Protect Home Office build 39612, and Acronis True Image 2021 build 39287 (AttackerKB).