Cyber Resilience

CVE-2024-55543

High

Published: 02 January 2025

Published
02 January 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0016 5.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-55543 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-55543 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-01-02.

A local attacker requires no privileges (PR:N) but needs low-complexity attack steps (AC:L) and user interaction (UI:R), such as tricking a user into executing a specific action. Successful exploitation allows elevation to higher privileges, granting high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) without changing scope (S:U).

The Acronis security advisory SEC-6418 at https://security-advisory.acronis.com/advisories/SEC-6418 provides details on mitigation, including patching to build 39169 or later for affected Acronis Cyber Protect 16 installations on Windows.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct DLL hijacking (CWE-427) enables local privilege escalation via search order/side-loading abuse.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-55540Same product: Acronis Cyber Protect
CVE-2022-28339Same product: Microsoft Windows
CVE-2025-57836Same product: Microsoft Windows
CVE-2025-33229Same product: Microsoft Windows
CVE-2025-21206Same vendor: Microsoft
CVE-2025-15558Same product: Microsoft Windows
CVE-2025-21127Same product: Microsoft Windows
CVE-2026-2713Same product: Microsoft Windows
CVE-2026-3775Same product: Microsoft Windows
CVE-2026-28710Same product: Acronis Cyber Protect

Affected Assets

acronis
cyber protect
16 · ≤ 15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the DLL hijacking vulnerability by requiring timely application of the vendor patch to Acronis Cyber Protect build 39169 or later.

prevent

Enforces secure configuration settings such as Windows safe DLL search order to prevent loading of malicious DLLs from untrusted paths.

prevent

Limits the privileges of Acronis Cyber Protect processes to the minimum necessary, reducing the impact and feasibility of privilege escalation via DLL hijacking.

References