DLL Hijacking Vulnerability in Acronis Snap Deploy for Windows
CVE-2023-2355

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Snap Deploy
Vendor: CVE Published:; 27 April 2023

What is CVE-2023-2355?

Acronis Snap Deploy for Windows is susceptible to a local privilege escalation vulnerability caused by a DLL hijacking flaw. This vulnerability allows an attacker to exploit the system by manipulating the loading of dynamic link libraries, potentially leading to unauthorized access and control over the affected product. Affected users of Acronis Snap Deploy should upgrade to build 3900 or later to mitigate this risk. For further information, consult the official advisory from Acronis.

Affected Version(s)

Acronis Snap Deploy Windows < 3900

References

https://security-advisory.acronis.com/advisories/SEC-4048

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Apr 27, 2023