DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows)
CVE-2024-49390

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Files
Vendor: CVE Published:; 17 October 2024

Summary

A vulnerability has been identified in Acronis Cyber Files for Windows, which allows for local privilege escalation stemming from a DLL hijacking issue. This vulnerability allows an attacker to exploit the way the application loads dynamic link libraries, leading to potential unauthorized access to system resources. Users of Acronis Cyber Files versions prior to build 9.0.0x24 are at risk and should take necessary precautions as detailed in the vendor advisory.

Affected Version(s)

Acronis Cyber Files Windows < 9.0.0x24

References

https://security-advisory.acronis.com/advisories/SEC-5845

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

@xdanes09 (https://hackerone.com/xdanes09)