Cyber Resilience

CVE-2024-55540

High

Published: 02 January 2025

Published
02 January 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0016 5.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-55540 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-55540 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

A local attacker with no required privileges can exploit this issue by leveraging user interaction, such as convincing a user to execute a specific action that loads a malicious DLL in a searchable path. Successful exploitation enables privilege escalation, allowing the attacker to gain elevated access on the system and potentially compromise sensitive data, modify critical files, or disrupt operations.

The Acronis security advisory SEC-2245, available at https://security-advisory.acronis.com/advisories/SEC-2245, details mitigation steps and patches. Affected installations should be updated to Acronis Cyber Protect 16 build 39169 or later to address the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes DLL hijacking (T1574.002) enabling local privilege escalation (T1068) via malicious DLL in search order.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55543Same product: Acronis Cyber Protect
CVE-2022-28339Same product: Microsoft Windows
CVE-2025-57836Same product: Microsoft Windows
CVE-2025-33229Same product: Microsoft Windows
CVE-2025-21206Same vendor: Microsoft
CVE-2025-15558Same product: Microsoft Windows
CVE-2025-21127Same product: Microsoft Windows
CVE-2026-2713Same product: Microsoft Windows
CVE-2026-3775Same product: Microsoft Windows
CVE-2026-28710Same product: Acronis Cyber Protect

Affected Assets

acronis
cyber protect
16 · ≤ 15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the DLL hijacking vulnerability by requiring timely patching to Acronis Cyber Protect 16 build 39169 or later as specified in the vendor advisory.

prevent

Enforces verification of signatures for DLLs prior to loading, preventing execution of malicious unsigned or improperly signed DLLs placed in searchable paths.

detect

Monitors for unauthorized changes to software components including DLLs in hijackable directories, enabling detection of malicious DLL placement by local attackers.

References