CVE-2023-41743

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
References
Link Resource
https://security-advisory.acronis.com/SEC-4858 Release Notes Vendor Advisory
https://security-advisory.acronis.com/advisories/SEC-5487 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 Sep 2023, 00:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CWE CWE-269
References (MISC) https://security-advisory.acronis.com/advisories/SEC-5487 - (MISC) https://security-advisory.acronis.com/advisories/SEC-5487 - Release Notes, Vendor Advisory
References (MISC) https://security-advisory.acronis.com/SEC-4858 - (MISC) https://security-advisory.acronis.com/SEC-4858 - Release Notes, Vendor Advisory
First Time Acronis
Acronis agent
Microsoft
Microsoft windows
Acronis cyber Protect Home Office
Acronis cyber Protect
CPE cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*

31 Aug 2023, 20:15

Type Values Removed Values Added
Summary Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979. Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.

31 Aug 2023, 17:25

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-31 16:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-41743

Mitre link : CVE-2023-41743

CVE.ORG link : CVE-2023-41743


JSON object : View

Products Affected

acronis

  • agent
  • cyber_protect
  • cyber_protect_home_office

microsoft

  • windows
CWE
CWE-269

Improper Privilege Management