Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products
CVE-2024-34010

8.2HIGH

Key Information:

Vendor

Acronis
Status
Acronis Cyber Protect Cloud Agent
Acronis Cyber Protect 16
Acronis True Image
Vendor
CVE Published:
29 April 2024

What is CVE-2024-34010?

A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for local privilege escalation. This vulnerability arises due to an unquoted search path, which could be exploited to gain unauthorized elevated privileges on affected Windows systems. Versions prior to build 37758 of Acronis Cyber Protect Cloud Agent and build 38690 of Acronis Cyber Protect 16 are susceptible. Users of these products are encouraged to update their software to mitigate potential security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Acronis Cyber Protect 16 Windows < 38690

Acronis Cyber Protect Cloud Agent Windows < 37758

Acronis True Image Windows < 42386

References

https://security-advisory.acronis.com/advisories/SEC-7110
vendor-advisory

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

CVSS V3.0

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

@cyberexplorer (https://hackerone.com/cyberexplorer)
JSON
.