Acronis True Image (macOS) Before Build 41396 Vulnerable to Local Privilege Escalation Due to OS Command Injection
CVE-2024-34013

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis True Image
Vendor: CVE Published:; 18 July 2024

Summary

A security vulnerability has been identified in Acronis True Image for macOS due to local privilege escalation stemming from OS command injection. This vulnerability can potentially allow unauthorized users to execute commands with elevated privileges, which could lead to harmful modifications or access to sensitive data on affected systems. It is critical for users and administrators to ensure that they update to the latest build to mitigate the risks associated with this vulnerability.

Affected Version(s)

Acronis True Image macOS < 41396

References

https://security-advisory.acronis.com/advisories/SEC-7035

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2024
Vulnerability Reserved
Apr 29, 2024

Credit

@redwise (https://hackerone.com/redwise)