Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-48677
CVE-2023-48677:
Acronis Cyber Protect Home Office vulnerability analysis and mitigation
Overview
Local privilege escalation due to DLL hijacking vulnerability affecting Acronis Cyber Protect Home Office (Windows) before build 40901 and Acronis Cyber Protect Cloud Agent (Windows) before build 39378. The vulnerability was disclosed on December 12, 2023 and assigned identifier CVE-2023-48677 (NVD, CVE).
Technical details
The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) with a CVSS v3.1 base score of 7.8 HIGH (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) according to NVD assessment. Acronis International GmbH assigned a slightly lower CVSS v3.0 score of 7.3 HIGH (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) (NVD).
Impact
If successfully exploited, this vulnerability allows local privilege escalation, potentially giving attackers elevated system access with high confidentiality, integrity, and availability impact (NVD).
Mitigation and workarounds
Users should upgrade Acronis Cyber Protect Home Office (Windows) to build 40901 or later, and Acronis Cyber Protect Cloud Agent (Windows) to build 39378 or later to remediate this vulnerability (NVD).
Additional resources
Source: This report was generated using AI
Related Acronis Cyber Protect Home Office vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management