Lucene search

AcronisCVE-2023-44157

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-44157

2023-09-2715:19:37

CWE-276

Acronis

web.nvd.nist.gov

cve-2023-44157

local privilege escalation

insecure folder permissions

acronis cyber protect 15

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.

Affected configurations

Nvd

Node

acroniscyber_protectRange<15

acroniscyber_protectMatch15-

acroniscyber_protectMatch15update1

acroniscyber_protectMatch15update2

acroniscyber_protectMatch15update3

acroniscyber_protectMatch15update4

acroniscyber_protectMatch15update5

AND

microsoftwindowsMatch-

VendorProductVersionCPE
acroniscyber_protect*cpe:2.3:a:acronis:cyber_protect:*:*:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*
acroniscyber_protect15cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
acronis	cyber_protect	*	cpe:2.3:a:acronis:cyber_protect::::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:-::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update1::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update2::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update3::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update4::::::
acronis	cyber_protect	15	cpe:2.3:a:acronis:cyber_protect:15:update5::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "vendor": "Acronis",
    "product": "Acronis Cyber Protect 15",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "35979",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security-advisory.acronis.com/advisories/SEC-3956

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-44157