CVE-2023-41743

{"id": "CVE-2023-41743", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@acronis.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-31T16:15:10.270", "references": [{"url": "https://security-advisory.acronis.com/SEC-4858", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@acronis.com"}, {"url": "https://security-advisory.acronis.com/advisories/SEC-5487", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@acronis.com"}, {"url": "https://security-advisory.acronis.com/SEC-4858", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-advisory.acronis.com/advisories/SEC-5487", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@acronis.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575."}, {"lang": "es", "value": "Escalada de privilegios locales debido a permisos inseguros del puerto de comunicaci\u00f3n del conductor. Los siguientes productos se ven afectados: Acronis Cyber ??Protect Home Office (Windows) antes de la compilaci\u00f3n 40278, Acronis Agent (Windows) antes de la compilaci\u00f3n 31637, Acronis Cyber ??Protect 15 (Windows) antes de la compilaci\u00f3n 35979."}], "lastModified": "2026-04-10T14:16:23.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1", "versionEndExcluding": "c23.02"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69506F27-DEF8-4317-9E54-D79CA430AD4B"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8418AF63-E280-4CE2-8E5C-DCD00ABE6557"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0894339-A1AD-4382-A4B0-C13FEDE1F076"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE560C6-2EC0-4C58-AA31-B15512F45877"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E47F65B4-ACD6-4507-9242-35530163A730"}, {"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE9F5E36-F752-4C7C-A678-D5B596A71C67"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@acronis.com"}