Cyber Posture

CVE-2024-55540

High

Published: 02 January 2025

Published
02 January 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55540 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the DLL hijacking vulnerability by requiring timely patching to Acronis Cyber Protect 16 build 39169 or later as specified in the vendor advisory.

CM-14 Signed Components good match
prevent

Enforces verification of signatures for DLLs prior to loading, preventing execution of malicious unsigned or improperly signed DLLs placed in searchable paths.

SI-7 Software, Firmware, and Information Integrity partial match
detect

Monitors for unauthorized changes to software components including DLLs in hijackable directories, enabling detection of malicious DLL placement by local attackers.

MITRE ATT&CK Enterprise TechniquesAI

T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

CVE directly describes DLL hijacking (T1574.002) enabling local privilege escalation (T1068) via malicious DLL in search order.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

Deeper analysisAI

CVE-2024-55540 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

A local attacker with no required privileges can exploit this issue by leveraging user interaction, such as convincing a user to execute a specific action that loads a malicious DLL in a searchable path. Successful exploitation enables privilege escalation, allowing the attacker to gain elevated access on the system and potentially compromise sensitive data, modify critical files, or disrupt operations.

The Acronis security advisory SEC-2245, available at https://security-advisory.acronis.com/advisories/SEC-2245, details mitigation steps and patches. Affected installations should be updated to Acronis Cyber Protect 16 build 39169 or later to address the vulnerability.

Details

CWE(s)
CWE-427

Affected Products

acronis
cyber protect
16 · ≤ 15

CVEs Like This One

CVE-2024-55543Same product: Acronis Cyber Protect
CVE-2025-57836Same product: Microsoft Windows
CVE-2025-33229Same product: Microsoft Windows
CVE-2025-21206Same vendor: Microsoft
CVE-2025-15558Same product: Microsoft Windows
CVE-2025-21127Same product: Microsoft Windows
CVE-2026-2713Same product: Microsoft Windows
CVE-2026-3775Same product: Microsoft Windows
CVE-2026-28718Same product: Acronis Cyber Protect
CVE-2026-28710Same product: Acronis Cyber Protect

References