CVE-2024-8766 MEDIUM

CVE-2024-8766

Vendor Acronis
Product Acronis Cyber Protect Cloud Agent
Weakness CWE-427
Published September 16, 2024
Last update January 2, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169.

Key dates

02Disclosure timeline

September 16, 2024 CVE published
January 2, 2025 Record updated