Lucene search

AcronisCVE-2023-41744

HistoryAug 31, 2023 - 4:15 p.m.

CVE-2023-41744

2023-08-3116:15:10

CWE-347

Acronis

web.nvd.nist.gov

cve-2023-41744

local privilege escalation

unsigned libraries

acronis agent

acronis cyber protect 15

macos

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.

Affected configurations

Nvd

Node

acronisagentRange<c22.10

acroniscyber_protectMatch15-

acroniscyber_protectMatch15update1

acroniscyber_protectMatch15update2

acroniscyber_protectMatch15update3

acroniscyber_protectMatch15update4

acroniscyber_protectMatch15update5

AND

applemacosMatch-

VendorProductVersionCPE
acronisagent*cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acronis	agent	*	cpe:2.3:a:acronis:agent::::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:-::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update1::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update2::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update3::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update4::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update5::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

CNA Affected

[
  {
    "vendor": "Acronis",
    "product": "Acronis Agent",
    "platforms": [
      "macOS"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "30600",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Acronis",
    "product": "Acronis Cyber Protect 15",
    "platforms": [
      "macOS"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "35979",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security-advisory.acronis.com/advisories/SEC-4728

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-41744