Insecure Folder Permissions Lead to Local Privilege Escalation
CVE-2024-49389

7.8HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Files
Vendor: CVE Published:; 17 October 2024

What is CVE-2024-49389?

The vulnerability arises from insecure folder permissions within Acronis Cyber Files for Windows, allowing a local attacker to escalate privileges. This flaw impacts versions prior to build 9.0.0x24 and could enable unauthorized access to sensitive files or functionalities, posing significant security risks. Users are advised to review security measures and update to the latest version to mitigate the potential risks associated with this vulnerability. For further details, refer to the vendor advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Acronis Cyber Files Windows < 9.0.0x24

References

https://security-advisory.acronis.com/advisories/SEC-5319

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

@tkoyeung (https://hackerone.com/tkoyeung)

JSON

Acronis

What is CVE-2024-49389?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.