CVE-2022-45451: Acronis Cyber Protect File System Minifilter Driver Privilege Escalation
Mike Alfaro 11/17/2022
Mike Alfaro, NephōSec Cybersecurity Engineer, submitted CVE-2022-45451 and it has been published to the CVE List. The CVE Record is now available for viewing by the public. The CVE details can be viewed on the following page:
https://security-advisory.acronis.com/advisories/SEC-4858 or can be downloaded from the CVE website. https://www.cve.org/
The Acronis Cyber Protect suite’s “ngscan.sys” driver does not properly restrict access to the file system minifilter’s communication port, allowing an arbitrary read of privileged files.
How it works
A local malicious actor may open the filter communication port and issue commands to open a file for reading.
Sensitive information disclosure.
Detections and Mitigations
Update to the newest release of Acronis Cyber Protect products for Microsoft Windows.