CVE-2022-45451: Acronis Cyber Protect File System Minifilter Driver Privilege Escalation

Mike Alfaro 11/17/2022

Mike Alfaro, NephōSec Cybersecurity Engineer, submitted CVE-2022-45451 and it has been published to the CVE List. The CVE Record is now available for viewing by the public. The CVE details can be viewed on the following page:

https://security-advisory.acronis.com/advisories/SEC-4858 or can be downloaded from the CVE website. https://www.cve.org/ 

Overview

The Acronis Cyber Protect suite’s “ngscan.sys” driver does not properly restrict access to the file system minifilter’s communication port, allowing an arbitrary read of privileged files. 

How it works

A local malicious actor may open the filter communication port and issue commands to open a file for reading.

Risks

Sensitive information disclosure.

Detections and Mitigations

Update to the newest release of Acronis Cyber Protect products for Microsoft Windows.

You May Also Like

CVE-2021-44852 Biostar RACING GT Evo
TalkToUs
CVE-2022-3699 Lenovo Diagnostic Driver EoP - Arbitrary R/W