Local Privilege Escalation in Acronis Cyber Protect 16 by Acronis
CVE-2024-55540
7.8HIGH
Summary
A vulnerability exists in Acronis Cyber Protect 16, specifically affecting Windows systems prior to build 39169, allowing for local privilege escalation through DLL hijacking. Attackers could leverage this vulnerability to execute code with elevated privileges, posing significant risks to user security and the integrity of the affected systems. It is crucial for users of Acronis Cyber Protect 16 to apply the necessary updates and patches to mitigate the potential impact of this vulnerability as highlighted in the vendor advisory.
Affected Version(s)
Acronis Cyber Protect 16 Windows < 39169
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
@vanitas (https://hackerone.com/vanitas)