Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products
CVE-2024-55542

4.4MEDIUM

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16; Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-55542?

A local privilege escalation vulnerability exists in the Tray Monitor service of Acronis Cyber Protect products, where excessive permissions can lead to unauthorized access and escalation of user privileges. This affects Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent across multiple platforms, including Linux, macOS, and Windows, prior to specified build versions. Users and organizations utilizing these products should take immediate action to update their installations to mitigate potential security risks.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

Acronis Cyber Protect Cloud Agent Linux < 35895

References

https://security-advisory.acronis.com/advisories/SEC-5342

vendor-advisory

CVSS V3.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 6, 2024