Local Privilege Escalation Vulnerability in Acronis Cyber Protect Products
CVE-2024-8766

Currently unrated

Key Information:

Vendor: Acronis
Status: Acronis Cyber Protect Cloud Agent; Acronis Cyber Protect 16
Vendor: CVE Published:; 16 September 2024

Summary

A vulnerability has been identified in Acronis Cyber Protect Cloud Agent and Acronis Cyber Protect 16 that allows local privilege escalation through DLL hijacking. This enables an attacker to exploit the system and gain unauthorized access, potentially leading to further security breaches. Users are advised to upgrade to the latest builds to mitigate these risks. For detailed information, please refer to the vendor advisory.

Affected Version(s)

Acronis Cyber Protect 16 Windows < 39169

Acronis Cyber Protect Cloud Agent Windows < 38235

References

https://security-advisory.acronis.com/advisories/SEC-7218

vendor-advisory

Timeline

Vulnerability published
Sep 16, 2024

Credit

@satz4797 (https://hackerone.com/satz4797)