Local Privilege Escalation Vulnerability in Acronis Cyber Protect Home Office for Windows
CVE-2023-48677

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Home Office; Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 12 December 2023

Summary

Acronis Cyber Protect Home Office for Windows is susceptible to a local privilege escalation vulnerability caused by DLL hijacking. This issue allows an attacker to execute arbitrary code with elevated privileges, potentially compromising system integrity. Users are advised to update to the latest build (40901 or higher) to mitigate risks associated with this vulnerability.

Affected Version(s)

Acronis Cyber Protect Cloud Agent Windows < 39378

Acronis Cyber Protect Home Office Windows < 40901

References

https://security-advisory.acronis.com/advisories/SEC-5620

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

@veath (https://hackerone.com/veath)