CVE-2022-3405
First published: Wed May 03 2023(Updated: )
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Credit: security@acronis.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Acronis Cyber Backup | =12.5 | |
| Acronis Cyber Backup | =12.5-10130 | |
| Acronis Cyber Backup | =12.5-10330 | |
| Acronis Cyber Backup | =12.5-11010 | |
| Acronis Cyber Backup | =12.5-13160 | |
| Acronis Cyber Backup | =12.5-13400 | |
| Acronis Cyber Backup | =12.5-14280 | |
| Acronis Cyber Backup | =12.5-14330 | |
| Acronis Cyber Backup | =12.5-16180 | |
| Acronis Cyber Backup | =12.5-16318 | |
| Acronis Cyber Backup | =12.5-16327 | |
| Acronis Cyber Backup | =12.5-7641 | |
| Acronis Cyber Backup | =12.5-7970 | |
| Acronis Cyber Backup | =12.5-8850 | |
| Acronis Cyber Backup | =12.5-9010 | |
| Acronis Cyber Protect | =15 | |
| Acronis Cyber Protect | =15-update1 | |
| Acronis Cyber Protect | =15-update2 | |
| Acronis Cyber Protect | =15-update3 | |
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-3405?
CVE-2022-3405 is a vulnerability that allows code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent.
Which products are affected by CVE-2022-3405?
The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
How severe is CVE-2022-3405?
CVE-2022-3405 has a severity rating of 8.8 (critical).
How do I fix CVE-2022-3405?
To fix CVE-2022-3405, upgrade to Acronis Cyber Protect 15 build 29486 or later, or Acronis Cyber Backup 12.5 build 16545 or later.
Are Linux and Microsoft Windows vulnerable to CVE-2022-3405?
No, Linux and Microsoft Windows are not vulnerable to CVE-2022-3405.
- collector/nvd-latest
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/acronis
- canonical/acronis cyber backup
- version/acronis cyber backup/12.5
- version/acronis cyber backup/12.5-10130
- version/acronis cyber backup/12.5-10330
- version/acronis cyber backup/12.5-11010
- version/acronis cyber backup/12.5-13160
- version/acronis cyber backup/12.5-13400
- version/acronis cyber backup/12.5-14280
- version/acronis cyber backup/12.5-14330
- version/acronis cyber backup/12.5-16180
- version/acronis cyber backup/12.5-16318
- version/acronis cyber backup/12.5-16327
- version/acronis cyber backup/12.5-7641
- version/acronis cyber backup/12.5-7970
- version/acronis cyber backup/12.5-8850
- version/acronis cyber backup/12.5-9010
- canonical/acronis cyber protect
- version/acronis cyber protect/15
- version/acronis cyber protect/15-update1
- version/acronis cyber protect/15-update2
- version/acronis cyber protect/15-update3
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows