CVE-2023-48677

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 427

Summary

CVE-2023-48677 is a local privilege escalation vulnerability that can be exploited through DLL hijacking. This issue affects Acronis Cyber Protect Home Office for Windows before build 40901. Successful exploitation allows attackers to gain elevated system privileges, potentially leading to significant security implications. The vulnerability arises due to the application's failure to properly validate DLLs during execution, enabling an attacker to substitute a malicious DLL with higher privileges, escalating their access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Acronis Cyber Protect Home Office

Affected Vendors

Acronis International

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tc3_dj
https://www.cve.org/CVERecord?id=CVE-2023-48677
https://nvd.nist.gov/vuln/detail/CVE-2023-48677

Back to Vulnerability Database