PT-2023-5802 · Acronis · Acronis Cyber Protect Home Office
Imag0R
·
Published
2023-08-31
·
Updated
2024-09-19
·
CVE-2022-46869
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect Home Office versions before build 40278
Description
The issue is related to improper soft link handling, which can lead to local privilege escalation during installation. This allows an attacker to elevate their privileges.
Recommendations
For Acronis Cyber Protect Home Office versions before build 40278, update to build 40278 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation process to minimize the risk of exploitation.
Fix
LPE
Improper Privilege Management
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Acronis Cyber Protect Home Office