CVE-2022-46868: 
Acronis Cyber Protect Home Office vulnerability analysis and mitigation

CVE-2022-46868 is a local privilege escalation vulnerability affecting Acronis Cyber Protect Home Office (Windows) versions before build 40173. The vulnerability stems from improper soft link handling during recovery operations (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) according to NVD's assessment, with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is categorized under CWE-610 (Externally Controlled Reference to a Resource in Another Sphere). Acronis International GmbH assigned a slightly lower CVSS score of 6.7 (MEDIUM) with vector string CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows local attackers to escalate privileges on affected systems through improper handling of soft links during recovery operations. This could potentially lead to unauthorized access to system resources and compromise of system security (NVD).

The vulnerability has been fixed in Acronis Cyber Protect Home Office (Windows) build 40173 and later versions. Users are advised to upgrade to the latest version to mitigate this security risk (NVD).