cbcvebase.
CVE-2023-48677
published 2023-12-12

CVE-2023-48677: Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build…

PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.25%
16.1th percentile
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.

Affected

5 ranges
VendorProductVersion rangeFixed in
acronisacronis_cyber_protect_16>= unspecified < 3993839938
acronisacronis_cyber_protect_cloud_agent>= unspecified < 3937839378
acronisacronis_cyber_protect_home_office>= unspecified < 4090140901
acronisacronis_true_image_oem>= unspecified < 4257542575
acroniscyber_protect_home_office< 4090140901

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.3HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.