CVE-2024-55540
Published: 02 January 2025
Summary
CVE-2024-55540 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-55540 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.
A local attacker with no required privileges can exploit this issue by leveraging user interaction, such as convincing a user to execute a specific action that loads a malicious DLL in a searchable path. Successful exploitation enables privilege escalation, allowing the attacker to gain elevated access on the system and potentially compromise sensitive data, modify critical files, or disrupt operations.
The Acronis security advisory SEC-2245, available at https://security-advisory.acronis.com/advisories/SEC-2245, details mitigation steps and patches. Affected installations should be updated to Acronis Cyber Protect 16 build 39169 or later to address the vulnerability.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52794
Vulnerability details
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes DLL hijacking (T1574.002) enabling local privilege escalation (T1068) via malicious DLL in search order.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the DLL hijacking vulnerability by requiring timely patching to Acronis Cyber Protect 16 build 39169 or later as specified in the vendor advisory.
Enforces verification of signatures for DLLs prior to loading, preventing execution of malicious unsigned or improperly signed DLLs placed in searchable paths.
Monitors for unauthorized changes to software components including DLLs in hijackable directories, enabling detection of malicious DLL placement by local attackers.