{"api_version":"1","generated_at":"2026-04-23T08:40:06+00:00","cve":"CVE-2023-48677","urls":{"html":"https://cve.report/CVE-2023-48677","api":"https://cve.report/api/cve/CVE-2023-48677.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-48677","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-48677"},"summary":{"title":"CVE-2023-48677","description":"Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.","state":"PUBLISHED","assigner":"Acronis","published_at":"2023-12-12 09:15:08","updated_at":"2026-04-10 14:16:23"},"problem_types":["CWE-427","CWE-427 CWE-427"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"security@acronis.com","type":"Secondary","score":"7.3","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"CVSS","score":"7.3","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","data":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"}}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-5620","name":"https://security-advisory.acronis.com/advisories/SEC-5620","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-48677","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48677","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect Home Office","version":"affected unspecified 40901 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect Cloud Agent","version":"affected unspecified 39378 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect 16","version":"affected unspecified 39938 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image OEM","version":"affected unspecified 42575 semver","platforms":["Windows"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"@veath (https://hackerone.com/veath)","lang":"en"}],"nvd_cpes":[{"cve_year":"2023","cve_id":"48677","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"acronis","cpe5":"cyber_protect_home_office","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"48677","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"48677","cve":"CVE-2023-48677","epss":"0.000440000","percentile":"0.135220000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:57"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-02T21:37:54.463Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"SEC-5620","tags":["vendor-advisory","x_transferred"],"url":"https://security-advisory.acronis.com/advisories/SEC-5620"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect Home Office","vendor":"Acronis","versions":[{"lessThan":"40901","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect Cloud Agent","vendor":"Acronis","versions":[{"lessThan":"39378","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect 16","vendor":"Acronis","versions":[{"lessThan":"39938","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis True Image OEM","vendor":"Acronis","versions":[{"lessThan":"42575","status":"affected","version":"unspecified","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"@veath (https://hackerone.com/veath)"}],"descriptions":[{"lang":"en","value":"Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575."}],"metrics":[{"cvssV3_0":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-10T13:15:52.612Z","orgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","shortName":"Acronis"},"references":[{"name":"SEC-5620","tags":["vendor-advisory"],"url":"https://security-advisory.acronis.com/advisories/SEC-5620"}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","assignerShortName":"Acronis","cveId":"CVE-2023-48677","datePublished":"2023-12-12T08:33:17.191Z","dateReserved":"2023-11-17T14:33:30.399Z","dateUpdated":"2026-04-10T13:15:52.612Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-12-12 09:15:08","lastModifiedDate":"2026-04-10 14:16:23","problem_types":["CWE-427","CWE-427 CWE-427"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*","versionEndExcluding":"40901","matchCriteriaId":"B290A506-C8A3-4C17-826A-D7ED623299B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"48677","Ordinal":"1","Title":"CVE-2023-48677","CVE":"CVE-2023-48677","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"48677","Ordinal":"1","NoteData":"Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938, Acronis True Image OEM (Windows) before build 42575.","Type":"Description","Title":"CVE-2023-48677"}]}}}