Acronis Snap Deploy DLL Hijacking Vulnerability
CVE-2024-34019

7.3HIGH

Key Information:

Vendor
Acronis
Vendor
CVE Published:
29 August 2024

Summary

A recent vulnerability has been identified in Acronis Snap Deploy for Windows, allowing local privilege escalation due to improper handling of DLL files, commonly known as DLL hijacking. This security flaw could enable an attacker with local access to escalate their privileges, potentially leading to unauthorized actions within the affected system. It is crucial for users of Acronis Snap Deploy to apply any available patches or updates to mitigate this vulnerability. For more detailed information, refer to the official advisory at Acronis security advisory SEC-3079.

Affected Version(s)

Acronis Snap Deploy Windows < 4569

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@mmg (https://hackerone.com/mmg)
.