CWE
269
Advisory Published
Updated

CVE-2022-3405

First published: Wed May 03 2023(Updated: )

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Credit: security@acronis.com

Affected SoftwareAffected VersionHow to fix
Acronis Cyber Backup=12.5
Acronis Cyber Backup=12.5-10130
Acronis Cyber Backup=12.5-10330
Acronis Cyber Backup=12.5-11010
Acronis Cyber Backup=12.5-13160
Acronis Cyber Backup=12.5-13400
Acronis Cyber Backup=12.5-14280
Acronis Cyber Backup=12.5-14330
Acronis Cyber Backup=12.5-16180
Acronis Cyber Backup=12.5-16318
Acronis Cyber Backup=12.5-16327
Acronis Cyber Backup=12.5-7641
Acronis Cyber Backup=12.5-7970
Acronis Cyber Backup=12.5-8850
Acronis Cyber Backup=12.5-9010
Acronis Cyber Protect=15
Acronis Cyber Protect=15-update1
Acronis Cyber Protect=15-update2
Acronis Cyber Protect=15-update3
Linux Linux kernel
Microsoft Windows

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-3405?

    CVE-2022-3405 is a vulnerability that allows code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent.

  • Which products are affected by CVE-2022-3405?

    The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

  • How severe is CVE-2022-3405?

    CVE-2022-3405 has a severity rating of 8.8 (critical).

  • How do I fix CVE-2022-3405?

    To fix CVE-2022-3405, upgrade to Acronis Cyber Protect 15 build 29486 or later, or Acronis Cyber Backup 12.5 build 16545 or later.

  • Are Linux and Microsoft Windows vulnerable to CVE-2022-3405?

    No, Linux and Microsoft Windows are not vulnerable to CVE-2022-3405.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203