Local Privilege Escalation in Acronis Cyber Protect for macOS
CVE-2023-41744

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Agent; Acronis Cyber Protect 15
Vendor: CVE Published:; 31 August 2023

Summary

A local privilege escalation vulnerability exists in Acronis Cyber Protect and Acronis Agent for macOS due to the unrestricted loading of unsigned libraries. This flaw could allow an attacker with local access to execute arbitrary code with elevated privileges, potentially compromising the security and integrity of the system. Users are advised to update to the latest builds to mitigate this risk.

Affected Version(s)

Acronis Agent macOS < 30600

Acronis Cyber Protect 15 macOS < 35979

References

https://security-advisory.acronis.com/advisories/SEC-4728

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023

Credit

@vkas-afk (https://hackerone.com/vkas-afk)