CVE-2022-44744: 
Acronis Cyber Protect Home Office vulnerability analysis and mitigation

Local privilege escalation vulnerability due to DLL hijacking was discovered in Acronis Cyber Protect Home Office (Windows) versions before build 40107. The vulnerability was assigned identifier CVE-2022-44744 and was disclosed in November 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, low privileges required, user interaction needed, and high impacts to confidentiality, integrity and availability. The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) (NVD).

If successfully exploited, this vulnerability allows an attacker with local access to escalate privileges on the affected system. The high CVSS impact scores for confidentiality, integrity and availability (C:H/I:H/A:H) indicate that exploitation could result in complete compromise of system security (NVD).

The vulnerability has been fixed in Acronis Cyber Protect Home Office build 40107 and later versions. Users should upgrade to the latest version to mitigate this vulnerability (Vendor Advisory).