CVE-2023-41743
Summary
| CVE | CVE-2023-41743 |
|---|---|
| State | PUBLISHED |
| Assigner | Acronis |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-31 16:15:10 UTC |
| Updated | 2026-04-10 14:16:23 UTC |
| Description | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000320000 probability, percentile 0.091210000 (date 2026-04-15)
Problem Types: CWE-269 | CWE-269 CWE-269
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.0 | [email protected] | Secondary | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | CNA | CVSS | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Acronis | Agent | All | All | All | All |
| Application | Acronis | Cyber Protect | 15 | - | All | All |
| Application | Acronis | Cyber Protect | 15 | update1 | All | All |
| Application | Acronis | Cyber Protect | 15 | update2 | All | All |
| Application | Acronis | Cyber Protect | 15 | update3 | All | All |
| Application | Acronis | Cyber Protect | 15 | update4 | All | All |
| Application | Acronis | Cyber Protect | 15 | update5 | All | All |
| Application | Acronis | Cyber Protect Home Office | - | All | All | All |
| Application | Acronis | Cyber Protect Home Office | 39900 | All | All | All |
| Application | Acronis | Cyber Protect Home Office | 40107 | All | All | All |
| Application | Acronis | Cyber Protect Home Office | 40173 | All | All | All |
| Application | Acronis | Cyber Protect Home Office | 40208 | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Acronis | Acronis Cyber Protect Home Office | affected unspecified 40278 semver | Windows |
| CNA | Acronis | Acronis Cyber Protect Cloud Agent | affected unspecified 31637 semver | Windows |
| CNA | Acronis | Acronis Cyber Protect 15 | affected unspecified 35979 semver | Windows |
| CNA | Acronis | Acronis True Image OEM | affected unspecified 42575 semver | Windows |
| ADP | Acronis | Cyber Protect | affected 35979 semver | Not specified |
| ADP | Acronis | Cyber Protect Home Office | affected 40278 semver | Not specified |
| ADP | Acronis | Agent | affected 31637 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Acronis Advisory Database - Acronis | af854a3a-2127-422b-91ae-364da2661108 | security-advisory.acronis.com | Release Notes, Vendor Advisory |
| Acronis Advisory Database - Acronis | af854a3a-2127-422b-91ae-364da2661108 | security-advisory.acronis.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: @alfarom256 (https://hackerone.com/alfarom256) (en)
There are currently no legacy QID mappings associated with this CVE.