CVE-2022-45451: 
Acronis Cyber Protect Home Office vulnerability analysis and mitigation

CVE-2022-45451 is a local privilege escalation vulnerability affecting multiple Acronis products due to insecure driver communication port permissions. The affected products include Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, and Acronis Cyber Protect 15 (Windows) before build 30984 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-269 (Improper Privilege Management). The attack requires local access with low complexity and low privileges, but no user interaction (NVD).

If successfully exploited, this vulnerability could allow an attacker to escalate privileges on the affected system, potentially gaining high levels of access to confidentiality, integrity, and availability of the system (NVD).

Users should upgrade to the following versions: Acronis Cyber Protect Home Office (Windows) build 40173 or later, Acronis Agent (Windows) build 30600 or later, and Acronis Cyber Protect 15 (Windows) build 30984 or later (NVD).