Cyber Posture

CVE-2024-55543

High

Published: 02 January 2025

Modified: 06 March 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (22.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

Security Summary

CVE-2024-55543 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-01-02.

The attack is local (AV:L) and low in complexity (AC:L). The attacker needs no privileges (PR:N), but exploitation depends on user interaction (UI:R), such as a user being tricked into executing a specific action. Successful exploitation elevates the attacker to higher privileges, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and no change of scope (S:U).

The Acronis security advisory SEC-6418 at https://security-advisory.acronis.com/advisories/SEC-6418 provides details on mitigation, including patching to build 39169 or later for affected Acronis Cyber Protect 16 installations on Windows.

Details

CWE(s)
CWE-427

Affected Products

acronis
cyber protect
16 · ≤ 15
