CVE-2023-48677
Published 2023-12-12
CVE-2023-48677: Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build…
Priority P3 37 high 7.8 CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.25% (16.1th percentile)
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acronis | acronis_cyber_protect_16 | >= unspecified < 39938 | 39938 |
| acronis | acronis_cyber_protect_cloud_agent | >= unspecified < 39378 | 39378 |
| acronis | acronis_cyber_protect_home_office | >= unspecified < 40901 | 40901 |
| acronis | acronis_true_image_oem | >= unspecified < 42575 | 42575 |
| acronis | cyber_protect_home_office | < 40901 | 40901 |
CVSS provenance
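| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |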
VulDB
Acronis Cyber Protect Home Office 2021/39900/40107/40278/40713 on Windows uncontrolled search path (EUVD-2023-52721)
vuldb·2026-04-11·CVSS 7.8
CVE-2023-48677 [HIGH] Acronis Cyber Protect Home Office 2021/39900/40107/40278/40713 on Windows uncontrolled search path (EUVD-2023-52721)
A vulnerability has been found in Acronis Cyber Protect Home Office 2021/39900/40107/40278/40713 on Windows and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to uncontrolled search path.
This vulnerability is listed as CVE-2023-48677. The attack must be carried out locally. There is no available exploit.
The affected component should be upgraded.
GHSA
GHSA-qgrp-jmm8-2jmf: Local privilege escalation due to DLL hijacking vulnerability
ghsa_unreviewed·2023-12-12
CVE-2023-48677 [HIGH] CWE-427 GHSA-qgrp-jmm8-2jmf: Local privilege escalation due to DLL hijacking vulnerability
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-12: Published