Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis
CVE-2024-55540

7.8HIGH

Key Information:

Vendor
Acronis
Vendor
CVE Published:
2 January 2025

Summary

A vulnerability exists in Acronis Cyber Protect 16, specifically affecting Windows systems prior to build 39169, allowing for local privilege escalation through DLL hijacking. Attackers could leverage this vulnerability to execute code with elevated privileges, posing significant risks to user security and the integrity of the affected systems. It is crucial for users of Acronis Cyber Protect 16 to apply the necessary updates and patches to mitigate the potential impact of this vulnerability as highlighted in the vendor advisory.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39169

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

@vanitas (https://hackerone.com/vanitas)
.