Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products
CVE-2024-34010

8.2HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 29 April 2024

Summary

A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows for local privilege escalation. This vulnerability arises due to an unquoted search path, which could be exploited to gain unauthorized elevated privileges on affected Windows systems. Versions prior to build 37758 of Acronis Cyber Protect Cloud Agent and build 38690 of Acronis Cyber Protect 16 are susceptible. Users of these products are encouraged to update their software to mitigate potential security risks.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 38690

Acronis Cyber Protect Cloud Agent Windows < 37758

References

https://security-advisory.acronis.com/advisories/SEC-7110

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 29, 2024

Credit

@cyberexplorer (https://hackerone.com/cyberexplorer)