PT-2023-5802 · Acronis · Acronis Cyber Protect Home Office

Imag0R

Publicado

2023-08-31

Atualizado

2024-09-19

CVE-2022-46869

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect Home Office versions before build 40278

Description The issue is related to improper soft link handling, which can lead to local privilege escalation during installation. This allows an attacker to elevate their privileges.

Recommendations For Acronis Cyber Protect Home Office versions before build 40278, update to build 40278 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation process to minimize the risk of exploitation.

Correção

LPE

Improper Privilege Management

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269CWE-59CWE-610

Identificadores relacionados

BDU:2023-06488

CVE-2022-46869

Produtos afetados

Acronis Cyber Protect Home Office

PT-2023-5802 · Acronis · Acronis Cyber Protect Home Office

CVE-2022-46869

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6