DLL Hijacking Vulnerability Affects Acronis Cyber Files (Windows)
CVE-2024-49391

7.3HIGH

Key Information:

Vendor: Acronis
Status: Acronis Cyber Files
Vendor: CVE Published:; 17 October 2024

Summary

A local privilege escalation vulnerability has been identified in Acronis Cyber Files for Windows that may be exploited through DLL hijacking. This issue affects versions prior to build 9.0.0x24, allowing unauthorized users to elevate their privileges on the affected system. Vigilant monitoring and timely updates to the software are essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

Acronis Cyber Files Windows < 9.0.0x24

References

https://security-advisory.acronis.com/advisories/SEC-7220

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

@satz4797 (https://hackerone.com/satz4797)