Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-44732

Summary
Assigner-Acronis
Assigner Org ID-73dc0fef-1c66-4a72-9d2d-0a0f4012c175
Published At-07 Nov, 2022 | 18:46
Updated At-01 May, 2025 | 17:32
Rejected At-
Credits

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Acronis
Assigner Org ID:73dc0fef-1c66-4a72-9d2d-0a0f4012c175
Published At:07 Nov, 2022 | 18:46
Updated At:01 May, 2025 | 17:32
Rejected At:
▼CVE Numbering Authority (CNA)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

Affected Products
Vendor
Acronis (Acronis International GmbH)Acronis
Product
Acronis Cyber Protect Home Office
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 0 before 39900 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269
Type: CWE
CWE ID: CWE-269
Description: CWE-269
Metrics
VersionBase scoreBase severityVector
3.07.3HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security-advisory.acronis.com/advisories/SEC-3040
vendor-advisory
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3040
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security-advisory.acronis.com/advisories/SEC-3040
vendor-advisory
x_transferred
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3040
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@acronis.com
Published At:07 Nov, 2022 | 19:15
Updated At:06 Jul, 2023 | 14:47

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.07.3HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Acronis (Acronis International GmbH)
acronis
>>cyber_protect_home_office>>Versions before 39900(exclusive)
cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-269Secondarysecurity@acronis.com
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: security@acronis.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security-advisory.acronis.com/advisories/SEC-3040security@acronis.com
Vendor Advisory
Hyperlink: https://security-advisory.acronis.com/advisories/SEC-3040
Source: security@acronis.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

958Records found
CVE-2022-45452
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:21
Updated-22 Jan, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsagentAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-48961
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 13:26
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-Acronis Cyber Protect 16
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-45451
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 14:43
Updated-01 Oct, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officeagentAcronis AgentAcronis Cyber Protect 15Acronis Cyber Protect Home Office
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-32577
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:21
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-44733
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.87%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 18:55
Updated-01 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-41743
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-8.8||HIGH
EPSS-0.03% / 4.91%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:04
Updated-01 Oct, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowsagentAcronis AgentAcronis Cyber Protect 15Acronis Cyber Protect Home Officecyber_protectcyber_protect_home_officeagent
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30695
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 17:19
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-10140
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-true_imageTrue Image
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-0483
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to insecure folder permissions

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsvss_doctorAcronis VSS Doctor
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-46868
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.27%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 14:52
Updated-01 Oct, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowscyber_protect_home_officeAcronis Cyber Protect Home Officecyber_protect_home_office
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2021-32579
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:04
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-48677
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.04% / 10.11%
||
7 Day CHG-0.01%
Published-12 Dec, 2023 | 08:33
Updated-04 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protect_home_officewindowsAcronis Cyber Protect Home OfficeAcronis Cyber Protect 16Acronis Cyber Protect Cloud Agent
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-15495
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 14:19
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CVE-2023-44157
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-3.3||LOW
EPSS-0.05% / 13.33%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 12:01
Updated-23 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsAcronis Cyber Protect 15
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-44209
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-5.6||MEDIUM
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 19:44
Updated-19 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Apple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelagentAcronis Agent
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-44747
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-2.2||LOW
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:00
Updated-01 May, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-9452
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.38%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:21
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_image_2020n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-9450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 11:08
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_image_2020n/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-55543
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.61%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:24
Updated-02 Jan, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-Acronis Cyber Protect 16
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-49389
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.88%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 09:49
Updated-18 Oct, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_filesAcronis Cyber Filescyber_files
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-49390
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.03% / 5.37%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 09:49
Updated-18 Oct, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_filesAcronis Cyber Filescyber_files
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-30697
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.30%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 17:20
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to insecure folder permissions

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-2355
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 18:45
Updated-30 Jan, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-snap_deployAcronis Snap Deploy
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-41744
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.14%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:14
Updated-01 Oct, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.

Action-Not Available
Vendor-Apple Inc.Acronis (Acronis International GmbH)
Product-cyber_protectmacosagentAcronis AgentAcronis Cyber Protect 15cyber_protectagent
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-25736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-15.06% / 94.31%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CVE-2021-44204
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.40%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via named pipe due to improper access control checks

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowstrue_imageagentAcronis Cyber Protect 15Acronis AgentAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-285
Improper Authorization
CVE-2022-24115
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to unrestricted loading of unsigned libraries

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287

Action-Not Available
Vendor-Apple Inc.Acronis (Acronis International GmbH)
Product-true_imagecyber_protect_home_officemacosAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24113
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowstrue_imageagentAcronis Cyber Protect 15Acronis AgentAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10139
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-true_imageTrue Image 2021
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2020-10138
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 13:40
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protectcyber_backupCyber BackupCyber Protect
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-665
Improper Initialization
CVE-2021-38088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 13:38
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

Action-Not Available
Vendor-n/aMicrosoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectwindowsn/a
CVE-2021-32576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:07
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2021-32578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:16
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-46869
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.57%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 19:16
Updated-01 Oct, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowscyber_protect_home_officeAcronis Cyber Protect Home Officecyber_protect_home_office
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-45455
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 19.12%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 09:27
Updated-21 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowsagentAcronis Cyber Protect Home OfficeAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-4418
Matching Score-8
Assigner-Acronis International GmbH
ShareView Details
Matching Score-8
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:56
Updated-22 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowscyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-15496
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 13:57
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-30408
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 13:04
Updated-04 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-Acronis Cyber Protect 16Acronis Cyber Protect Cloud Agent
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-44746
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-2.2||LOW
EPSS-0.06% / 16.97%
||
7 Day CHG~0.00%
Published-07 Nov, 2022 | 19:01
Updated-30 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-cyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-3405
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-9.3||CRITICAL
EPSS-29.61% / 96.45%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 10:49
Updated-03 Feb, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowscyber_backuplinux_kernelAcronis Cyber Protect 15Acronis Cyber Backup 12.5
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-49385
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.57%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:14
Updated-02 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-Acronis True Image
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-30990
Matching Score-6
Assigner-Acronis International GmbH
ShareView Details
Matching Score-6
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.32%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:38
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information disclosure due to insecure folder permissions

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowsagentlinux_kernelAcronis Cyber Protect 15Acronis Agent
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-21269
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 21:00
Updated-09 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21396
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20655
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.69%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6761mt6853tmt8167smt6785mt6771mt8385mt8797mt6580mt8321mt8791tmt6737mt8795tmt8791mt6879mt8395mt6877mt8788mt6735mt6883mt6895mt8195mt8789mt8891mt6753mt8781mt6855mt8168mt8786mt6893mt8667mt6983mt8175mt8365mt8798mt6781mt8771mt8167mt8666mt8185mt8675mt8766mt6739mt6779mt6768mt8362amt6833mt6873mt8192mt8765mt2715mt8673mt6889mt8768mt6853mt8173mt8871mt6789mt6765mt6885MT2715, MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-21374
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2002-0367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.15% / 77.62%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/aWindows
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-9332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 15:31
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local).

Action-Not Available
Vendor-k7computingn/a
Product-total_securityantivriusenterprise_securityultimate_securityn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-20565
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.25%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:54
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_pro_7940hs_firmwareryzen_5_6600h_firmwareryzen_9_pro_7940h_firmwareryzen_7_7800x3d_firmwareryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_5800hsryzen_3_pro_7330uryzen_5_5500hryzen_5_5600hsryzen_3_5300geryzen_7_5825uryzen_7_5825u_firmwareryzen_5_6600hryzen_9_6980hxryzen_5_5560uryzen_9_7950xryzen_5_pro_7640uryzen_pro_7745ryzen_9_7900xryzen_7_7700xryzen_5_6600hsryzen_9_5900hsryzen_5_pro_7545u_firmwareryzen_7_7700x_firmwareryzen_7_5700gryzen_9_5980hsryzen_3_pro_7440u_firmwareryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_7600ryzen_7_5800h_firmwareryzen_pro_7745_firmwareryzen_9_6900hsryzen_pro_7945_firmwareryzen_pro_7945ryzen_5_5500ryzen_7_pro_7840u_firmwareryzen_3_5400uryzen_pro_3900_firmwareryzen_7_7700_firmwareryzen_9_5980hs_firmwareryzen_7_7735uryzen_3_5300gryzen_5_7600x_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_5_5600ge_firmwareryzen_5_pro_7530uryzen_5_5600hs_firmwareryzen_5_5600h_firmwareryzen_7_pro_7840h_firmwareryzen_7_5700ryzen_9_6900hs_firmwareryzen_3_5400u_firmwareryzen_5_pro_7640u_firmwareryzen_7_6800hs_firmwareryzen_7_pro_7840uryzen_5_7535uryzen_7_7800x3dryzen_9_7900x3d_firmwareryzen_5_5500_firmwareryzen_5_pro_7640hsryzen_5_pro_7640h_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_7535u_firmwareryzen_5_pro_7640hryzen_7_6800uryzen_7_7736uryzen_5_5600gryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_5_5600uryzen_9_pro_7940hryzen_5_pro_7540u_firmwareryzen_pro_7645_firmwareryzen_9_5900hx_firmwareryzen_pro_3900ryzen_5_5600geryzen_9_7900_firmwareryzen_5_7600xryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_9_6980hs_firmwareryzen_7_5700geryzen_3_pro_7440uryzen_7_pro_7840hryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_pro_7645ryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_7_5700_firmwareryzen_5_7600_firmwareryzen_7_pro_7840hs_firmwareryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_5_7535hsryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_9_pro_7940hsryzen_7_7736u_firmwareryzen_5_6600hs_firmwareryzen_3_pro_7330u_firmwareryzen_3_5425uryzen_5_pro_7540uryzen_5_5560u_firmwareryzen_3_5100_firmwareryzen_9_5980hx_firmwareryzen_7_5800uryzen_9_5900hxryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_9_7950x3dryzen_7_7700ryzen_5_5500h_firmwareryzen_5_pro_7545uryzen_3_5100ryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_9_7900ryzen_9_7950x_firmwareryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700ge_firmwareryzen_9_6980hsryzen_7_6800hryzen_9_7900x_firmwareAMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ Embedded V3000Ryzen™ 7000 Series Desktop Processors “Raphael” XD3AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R” Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-38630
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.47%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found