CVE-2022-46869

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges during installation of Acronis Cyber Protect Home Office on Windows systems. Attackers can exploit improper handling of symbolic links to gain elevated system permissions. Only Windows users running vulnerable versions of this specific Acronis product are affected.

💻 Affected Systems

Products:
  • Acronis Cyber Protect Home Office
Versions: All Windows versions before build 40278
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installation process on Windows systems. Requires local access to the system during installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, malware installation, and persistence establishment.

🟠 Likely Case

Local user with limited privileges gains administrative access to install unauthorized software, modify system settings, or access protected data.

🟢 If Mitigated

With proper user access controls and limited local user privileges, impact is contained to the compromised user account only.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access to vulnerable systems could exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and knowledge of symbolic link manipulation techniques. The vulnerability is in the installation process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 40278 or later

Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-3835

Restart Required: Yes

Instructions:

1. Download latest version from Acronis website.
2. Uninstall current version.
3. Install updated version (build 40278+).
4. Restart system.

🔧 Temporary Workarounds

Restrict local user privileges

Limit standard user accounts to prevent exploitation attempts

Monitor installation processes

Implement application control to monitor and restrict installation activities

🧯 If You Can't Patch

  • Restrict physical and remote access to vulnerable systems
  • Implement strict user privilege management and monitor for unusual installation activities

🔍 How to Verify

Check if Vulnerable:

Check Acronis Cyber Protect Home Office version in program settings or Control Panel > Programs and Features

Check Version:

wmic product where "name='Acronis Cyber Protect Home Office'" get version

Verify Fix Applied:

Verify installed version is build 40278 or higher in program settings
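
An added PowerShell example (not from Acronis or the original page) that checks a host against the fixed build 40278 by reading the uninstall registry keys, which avoids the Windows Installer consistency check that Win32_Product queries such as the wmic command trigger. It assumes the build number is the last dot-separated field of DisplayVersion; the function names and sample version strings are constructed for illustration.

```powershell
# Added example: flag installs of the product below the fixed build.
# Assumption: the build number is the last numeric field of DisplayVersion.
$FixedBuild  = 40278
$ProductName = 'Acronis Cyber Protect Home Office'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-BuildNumber {
    param([string]$Version)
    # Return the trailing run of digits, or $null when the string has none.
    if ($Version -match '(\d+)\s*$') { return [int]$Matches[1] }
    return $null
}

function Test-AcronisBuild {
    param([string]$DisplayVersion, [int]$Fixed = $FixedBuild)
    $build = Get-BuildNumber $DisplayVersion
    if ($null -eq $build) { return 'Unknown' }      # unparseable: review by hand
    if ($build -lt $Fixed) { return 'Vulnerable' }  # before build 40278
    return 'Patched'
}

# Self-check on constructed strings (not real Acronis version numbers).
foreach ($v in '1.2.3.40277', '1.2.3.40278', 'n/a') {
    '{0} -> {1}' -f $v, (Test-AcronisBuild $v)
}

# Check this host; both 64-bit and 32-bit uninstall hives are read.
$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "$ProductName*" }

if (-not $installed) {
    Write-Output "$ProductName not found on $env:COMPUTERNAME"
} else {
    foreach ($p in $installed) {
        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            DisplayName    = $p.DisplayName
            DisplayVersion = $p.DisplayVersion
            Status         = Test-AcronisBuild $p.DisplayVersion
        }
    }
}
```

A status of Unknown means the version string did not end in digits, so confirm the build in the program settings as described above.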

📡 Detection & Monitoring

Log Indicators:

  • Unusual installation processes, symbolic link creation events, privilege escalation attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 OR EventID=4689 with process name containing 'Acronis' AND target process with elevated privileges
