PT-2023-5788 · Acronis · Acronis Cyber Protect 16

Published: 2023-10-09 · Updated: 2024-02-27 · CVE-2023-45248

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Acronis Cyber Protect Cloud Agent (Windows) versions before build 36497
Acronis Cyber Protect 16 (Windows) versions before build 37391
Acronis Agent (Windows) versions before build 36497

Description

The issue is a local privilege escalation caused by a DLL hijacking vulnerability, which stems from an uncontrolled search path element. Exploitation of the vulnerability may allow an attacker to elevate their privileges.

Recommendations

For Acronis Cyber Protect Cloud Agent (Windows) versions before build 36497, update to build 36497 or later.
For Acronis Cyber Protect 16 (Windows) versions before build 37391, update to build 37391 or later.
For Acronis Agent (Windows) versions before build 36497, update to build 36497 or later.
As a temporary workaround, consider restricting access to vulnerable components until a patch is available.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2023-06474
CVE-2023-45248

Affected Products

Acronis Agent
Acronis Cyber Protect 16
Acronis Cyber Protect Cloud Agent