CVE-2023-48677 — HIGH (7.8)

Q: How severe is CVE-2023-48677?

CVE-2023-48677 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48677?

Check the references section above for vendor advisories and patch information. Affected products include: Acronis Cyber Protect Home Office, Microsoft Windows.

Vulnerability Description

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Acronis	Cyber Protect Home Office	< 40901
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-427

References

https://security-advisory.acronis.com/advisories/SEC-5620Vendor Advisory
https://security-advisory.acronis.com/advisories/SEC-5620Vendor Advisory

FAQ

What is CVE-2023-48677?

CVE-2023-48677 is a vulnerability with a CVSS score of 7.8 (HIGH). Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (W...

How severe is CVE-2023-48677?

CVE-2023-48677 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48677?

Check the references section above for vendor advisories and patch information. Affected products include: Acronis Cyber Protect Home Office, Microsoft Windows.