Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products
CVE-2024-55542

Currently unrated

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect 16; Acronis Cyber Protect Cloud Agent
Vendor: CVE Published:; 2 January 2025

Summary

A local privilege escalation vulnerability exists in the Tray Monitor service of Acronis Cyber Protect products, where excessive permissions can lead to unauthorized access and escalation of user privileges. This affects Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent across multiple platforms, including Linux, macOS, and Windows, prior to specified build versions. Users and organizations utilizing these products should take immediate action to update their installations to mitigate potential security risks.

Affected Version(s)

Acronis Cyber Protect 16 Linux < 39169

Acronis Cyber Protect Cloud Agent Linux < 35895

References

https://security-advisory.acronis.com/advisories/SEC-5342

vendor-advisory

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 6, 2024