CVE-2023-41743
HIGHAcronis Cyber Protect and True Image OEM - Local Privilege Escalation via Insecure Driver Communication Port
Title source: llmDescription
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory vendor-advisory
https://security-advisory.acronis.com/advisories/SEC-5487
Release Notes, Vendor Advisory related
https://security-advisory.acronis.com/SEC-4858
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
12.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (11)
Acronis/Acronis Cyber Protect 15
unspecified - 35979
Acronis/Acronis Cyber Protect Cloud Agent
unspecified - 31637
Acronis/Acronis Cyber Protect Home Office
unspecified - 40278
Acronis/Acronis True Image OEM
unspecified - 42575
acronis/agent
< c23.02
acronis/cyber_protect
15 (6 CPE variants)
acronis/cyber_protect_home_office
acronis/cyber_protect_home_office
39900
acronis/cyber_protect_home_office
40107
acronis/cyber_protect_home_office
40173
... and 1 more
Published
Aug 31, 2023
Tracked Since
Feb 18, 2026