8.8
CVE-2023-41743
- EPSS 0.03%
- Published 31.08.2023 16:15:10
- Last modified 21.11.2024 08:21:36
- Source security@acronis.com
- Teams watchlist Login
- Open Login
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
Data is provided by the National Vulnerability Database (NVD)
Acronis ≫ Cyber Protect Version15 Update-
Acronis ≫ Cyber Protect Version15 Updateupdate1
Acronis ≫ Cyber Protect Version15 Updateupdate2
Acronis ≫ Cyber Protect Version15 Updateupdate3
Acronis ≫ Cyber Protect Version15 Updateupdate4
Acronis ≫ Cyber Protect Version15 Updateupdate5
Acronis ≫ Cyber Protect Home Office Version-
Acronis ≫ Cyber Protect Home Office Version39900
Acronis ≫ Cyber Protect Home Office Version40107
Acronis ≫ Cyber Protect Home Office Version40173
Acronis ≫ Cyber Protect Home Office Version40208
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.051 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@acronis.com | 8.8 | 2 | 6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.