{"api_version":"1","generated_at":"2026-04-23T09:40:19+00:00","cve":"CVE-2023-41743","urls":{"html":"https://cve.report/CVE-2023-41743","api":"https://cve.report/api/cve/CVE-2023-41743.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-41743","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-41743"},"summary":{"title":"CVE-2023-41743","description":"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.","state":"PUBLISHED","assigner":"Acronis","published_at":"2023-08-31 16:15:10","updated_at":"2026-04-10 14:16:23"},"problem_types":["CWE-269","CWE-269 CWE-269"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"security@acronis.com","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","data":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}],"references":[{"url":"https://security-advisory.acronis.com/SEC-4858","name":"https://security-advisory.acronis.com/SEC-4858","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"Acronis Advisory Database - Acronis","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security-advisory.acronis.com/advisories/SEC-5487","name":"https://security-advisory.acronis.com/advisories/SEC-5487","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"],"title":"Acronis Advisory Database - Acronis","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-41743","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41743","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect Home Office","version":"affected unspecified 40278 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect Cloud Agent","version":"affected unspecified 31637 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect 15","version":"affected unspecified 35979 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image OEM","version":"affected unspecified 42575 semver","platforms":["Windows"]},{"source":"ADP","vendor":"acronis","product":"cyber_protect","version":"affected 35979 semver","platforms":[]},{"source":"ADP","vendor":"acronis","product":"cyber_protect_home_office","version":"affected 40278 semver","platforms":[]},{"source":"ADP","vendor":"acronis","product":"agent","version":"affected 31637 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"@alfarom256 (https://hackerone.com/alfarom256)","lang":"en"}],"nvd_cpes":[{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"agent","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect","cpe6":"15","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"39900","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"40107","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"40173","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"40208","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"41743","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"41743","cve":"CVE-2023-41743","epss":"0.000320000","percentile":"0.091210000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:57"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-02T19:09:47.982Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"SEC-5487","tags":["vendor-advisory","x_transferred"],"url":"https://security-advisory.acronis.com/advisories/SEC-5487"},{"name":"SEC-4858","tags":["related","x_transferred"],"url":"https://security-advisory.acronis.com/SEC-4858"}],"title":"CVE Program Container"},{"affected":[{"cpes":["cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"cyber_protect","vendor":"acronis","versions":[{"lessThan":"35979","status":"affected","version":"0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"cyber_protect_home_office","vendor":"acronis","versions":[{"lessThan":"40278","status":"affected","version":"0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:acronis:agent:-:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"agent","vendor":"acronis","versions":[{"lessThan":"31637","status":"affected","version":"0","versionType":"semver"}]}],"metrics":[{"other":{"content":{"id":"CVE-2023-41743","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-10-01T17:29:00.348301Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-01T17:32:05.640Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect Home Office","vendor":"Acronis","versions":[{"lessThan":"40278","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect Cloud Agent","vendor":"Acronis","versions":[{"lessThan":"31637","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect 15","vendor":"Acronis","versions":[{"lessThan":"35979","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis True Image OEM","vendor":"Acronis","versions":[{"lessThan":"42575","status":"affected","version":"unspecified","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"@alfarom256 (https://hackerone.com/alfarom256)"}],"descriptions":[{"lang":"en","value":"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575."}],"metrics":[{"cvssV3_0":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-10T13:15:35.617Z","orgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","shortName":"Acronis"},"references":[{"name":"SEC-5487","tags":["vendor-advisory"],"url":"https://security-advisory.acronis.com/advisories/SEC-5487"},{"name":"SEC-4858","tags":["related"],"url":"https://security-advisory.acronis.com/SEC-4858"}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","assignerShortName":"Acronis","cveId":"CVE-2023-41743","datePublished":"2023-08-31T15:04:10.802Z","dateReserved":"2023-08-31T14:10:27.638Z","dateUpdated":"2026-04-10T13:15:35.617Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-08-31 16:15:10","lastModifiedDate":"2026-04-10 14:16:23","problem_types":["CWE-269","CWE-269 CWE-269"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2,"impactScore":6}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*","versionEndExcluding":"c23.02","matchCriteriaId":"6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*","matchCriteriaId":"89899D10-1343-4276-919A-9C1DF2DB8B55"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*","matchCriteriaId":"A77B2499-B3A4-4278-BA0D-59AB59C60352"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*","matchCriteriaId":"BAF6A576-C320-4550-B7F8-4FCAE82FB06A"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*","matchCriteriaId":"9740A956-D589-4846-8717-B6182EB65F8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:update4:*:*:*:*:*:*","matchCriteriaId":"9AB8B19B-2B40-4F1B-AE24-1C43D362E4BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect:15:update5:*:*:*:*:*:*","matchCriteriaId":"69506F27-DEF8-4317-9E54-D79CA430AD4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:-:*:*:*:*:*:*:*","matchCriteriaId":"8418AF63-E280-4CE2-8E5C-DCD00ABE6557"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:39900:*:*:*:*:*:*:*","matchCriteriaId":"E0894339-A1AD-4382-A4B0-C13FEDE1F076"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:40107:*:*:*:*:*:*:*","matchCriteriaId":"6DE560C6-2EC0-4C58-AA31-B15512F45877"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:40173:*:*:*:*:*:*:*","matchCriteriaId":"E47F65B4-ACD6-4507-9242-35530163A730"},{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:40208:*:*:*:*:*:*:*","matchCriteriaId":"EE9F5E36-F752-4C7C-A678-D5B596A71C67"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"41743","Ordinal":"1","Title":"CVE-2023-41743","CVE":"CVE-2023-41743","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"41743","Ordinal":"1","NoteData":"Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Cyber Protect Cloud Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979, Acronis True Image OEM (Windows) before build 42575.","Type":"Description","Title":"CVE-2023-41743"}]}}}