CVE-2023-41743 (GCVE-0-2023-41743)

Vulnerability from cvelistv5 – Published: 2023-08-31 15:04 – Updated: 2026-04-10 13:15
VLAI?
Summary
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.
Severity ?
8.8 (High)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect Home Office Affected: unspecified , < 40278 (semver)
Create a notification for this product.
Credits
@alfarom256 (https://hackerone.com/alfarom256)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:47.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SEC-5487",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
          },
          {
            "name": "SEC-4858",
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/SEC-4858"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cyber_protect",
            "vendor": "acronis",
            "versions": [
              {
                "lessThan": "35979",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cyber_protect_home_office",
            "vendor": "acronis",
            "versions": [
              {
                "lessThan": "40278",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "agent",
            "vendor": "acronis",
            "versions": [
              {
                "lessThan": "31637",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41743",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T17:29:00.348301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T17:32:05.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect Home Office",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "40278",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect Cloud Agent",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "31637",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect 15",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "35979",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis True Image OEM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42575",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@alfarom256 (https://hackerone.com/alfarom256)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T13:15:35.617Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-5487",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-5487"
        },
        {
          "name": "SEC-4858",
          "tags": [
            "related"
          ],
          "url": "https://security-advisory.acronis.com/SEC-4858"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2023-41743",
    "datePublished": "2023-08-31T15:04:10.802Z",
    "dateReserved": "2023-08-31T14:10:27.638Z",
    "dateUpdated": "2026-04-10T13:15:35.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-41743",
      "date": "2026-04-26",
      "epss": "0.00041",
      "percentile": "0.12337"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"c23.02\", \"matchCriteriaId\": \"6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"89899D10-1343-4276-919A-9C1DF2DB8B55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77B2499-B3A4-4278-BA0D-59AB59C60352\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF6A576-C320-4550-B7F8-4FCAE82FB06A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9740A956-D589-4846-8717-B6182EB65F8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"69506F27-DEF8-4317-9E54-D79CA430AD4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8418AF63-E280-4CE2-8E5C-DCD00ABE6557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0894339-A1AD-4382-A4B0-C13FEDE1F076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE560C6-2EC0-4C58-AA31-B15512F45877\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E47F65B4-ACD6-4507-9242-35530163A730\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE9F5E36-F752-4C7C-A678-D5B596A71C67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.\"}, {\"lang\": \"es\", \"value\": \"Escalada de privilegios locales debido a permisos inseguros del puerto de comunicaci\\u00f3n del conductor. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Home Office (Windows) antes de la compilaci\\u00f3n 40278, Acronis Agent (Windows) antes de la compilaci\\u00f3n 31637, Acronis Cyber ??Protect 15 (Windows) antes de la compilaci\\u00f3n 35979.\"}]",
      "id": "CVE-2023-41743",
      "lastModified": "2024-11-21T08:21:36.350",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"security@acronis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}]}",
      "published": "2023-08-31T16:15:10.270",
      "references": "[{\"url\": \"https://security-advisory.acronis.com/SEC-4858\", \"source\": \"security@acronis.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5487\", \"source\": \"security@acronis.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security-advisory.acronis.com/SEC-4858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@acronis.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@acronis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-41743\",\"sourceIdentifier\":\"security@acronis.com\",\"published\":\"2023-08-31T16:15:10.270\",\"lastModified\":\"2026-04-10T14:16:23.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.\"},{\"lang\":\"es\",\"value\":\"Escalada de privilegios locales debido a permisos inseguros del puerto de comunicaci\u00f3n del conductor. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Home Office (Windows) antes de la compilaci\u00f3n 40278, Acronis Agent (Windows) antes de la compilaci\u00f3n 31637, Acronis Cyber ??Protect 15 (Windows) antes de la compilaci\u00f3n 35979.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@acronis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"c23.02\",\"matchCriteriaId\":\"6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"89899D10-1343-4276-919A-9C1DF2DB8B55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77B2499-B3A4-4278-BA0D-59AB59C60352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF6A576-C320-4550-B7F8-4FCAE82FB06A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9740A956-D589-4846-8717-B6182EB65F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"69506F27-DEF8-4317-9E54-D79CA430AD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8418AF63-E280-4CE2-8E5C-DCD00ABE6557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0894339-A1AD-4382-A4B0-C13FEDE1F076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE560C6-2EC0-4C58-AA31-B15512F45877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E47F65B4-ACD6-4507-9242-35530163A730\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE9F5E36-F752-4C7C-A678-D5B596A71C67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security-advisory.acronis.com/SEC-4858\",\"source\":\"security@acronis.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5487\",\"source\":\"security@acronis.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security-advisory.acronis.com/SEC-4858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security-advisory.acronis.com/advisories/SEC-5487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5487\", \"name\": \"SEC-5487\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security-advisory.acronis.com/SEC-4858\", \"name\": \"SEC-4858\", \"tags\": [\"related\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:09:47.982Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41743\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-01T17:29:00.348301Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*\"], \"vendor\": \"acronis\", \"product\": \"cyber_protect\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"35979\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*\"], \"vendor\": \"acronis\", \"product\": \"cyber_protect_home_office\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"40278\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*\"], \"vendor\": \"acronis\", \"product\": \"agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"31637\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-01T17:31:41.175Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"@alfarom256 (https://hackerone.com/alfarom256)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Acronis\", \"product\": \"Acronis Cyber Protect Home Office\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"40278\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis Cyber Protect Cloud Agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"31637\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis Cyber Protect 15\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"35979\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Acronis\", \"product\": \"Acronis True Image OEM\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"42575\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://security-advisory.acronis.com/advisories/SEC-5487\", \"name\": \"SEC-5487\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security-advisory.acronis.com/SEC-4858\", \"name\": \"SEC-4858\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269\"}]}], \"providerMetadata\": {\"orgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"shortName\": \"Acronis\", \"dateUpdated\": \"2026-04-10T13:15:35.617Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-41743\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-10T13:15:35.617Z\", \"dateReserved\": \"2023-08-31T14:10:27.638Z\", \"assignerOrgId\": \"73dc0fef-1c66-4a72-9d2d-0a0f4012c175\", \"datePublished\": \"2023-08-31T15:04:10.802Z\", \"assignerShortName\": \"Acronis\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.