PT-2023-5804 · Acronis · Acronis Cyber Protect Home Office

Z3Ron3

Publicado

2023-08-31

Atualizado

2023-09-07

CVE-2022-46868

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect Home Office (Windows) versions before build 40173

Description The issue is related to local privilege escalation during recovery due to improper soft link handling. This could allow an attacker to elevate their privileges.

Recommendations For Acronis Cyber Protect Home Office (Windows) versions before build 40173, update to build 40173 or later to resolve the issue. As a temporary workaround, consider restricting access to the recovery feature until a patch is applied.

Correção

LPE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-610

Identificadores relacionados

BDU:2023-06490

CVE-2022-46868

Produtos afetados

Acronis Cyber Protect Home Office

PT-2023-5804 · Acronis · Acronis Cyber Protect Home Office

CVE-2022-46868

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5