Insecure Folder Permissions Lead to Local Privilege Escalation
CVE-2024-49389

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Files
Vendor: CVE Published:; 17 October 2024

Summary

The vulnerability arises from insecure folder permissions within Acronis Cyber Files for Windows, allowing a local attacker to escalate privileges. This flaw impacts versions prior to build 9.0.0x24 and could enable unauthorized access to sensitive files or functionalities, posing significant security risks. Users are advised to review security measures and update to the latest version to mitigate the potential risks associated with this vulnerability. For further details, refer to the vendor advisory.

Affected Version(s)

Acronis Cyber Files Windows < 9.0.0x24

References

https://security-advisory.acronis.com/advisories/SEC-5319

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

@tkoyeung (https://hackerone.com/tkoyeung)