CVE-2022-46869
31.08.2023, 20:15
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis True Image OEM (Windows) before build 42575.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| acronis | cyber_protect_home_office | 𝑥 < 40278 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| acronis | cyber_protect_home_office | 𝑥 < 40278 | ADP |
Common Weakness Enumeration
- CWE-610 - Externally Controlled Reference to a Resource in Another SphereThe product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.