CVE-2024-55543
Published: 02 January 2025
Summary
CVE-2024-55543 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Acronis Cyber Protect. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002). The CVE ranks at the 22.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the DLL hijacking vulnerability by requiring timely application of the vendor patch to Acronis Cyber Protect build 39169 or later.
Enforces secure configuration settings such as Windows safe DLL search order to prevent loading of malicious DLLs from untrusted paths.
Limits the privileges of Acronis Cyber Protect processes to the minimum necessary, reducing the impact and feasibility of privilege escalation via DLL hijacking.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct DLL hijacking (CWE-427) enables local privilege escalation via search order/side-loading abuse.
NVD Description
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
Deeper analysis
CVE-2024-55543 is a local privilege escalation vulnerability stemming from DLL hijacking, classified under CWE-427. It affects Acronis Cyber Protect 16 for Windows in versions prior to build 39169. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-01-02.
A local attacker needs no privileges (PR:N) and the attack is low-complexity (AC:L), but it requires user interaction (UI:R), such as tricking a user into executing a specific action. Successful exploitation elevates the attacker to higher privileges, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and no change of scope (S:U).
The Acronis security advisory SEC-6418 at https://security-advisory.acronis.com/advisories/SEC-6418 provides details on mitigation, including patching to build 39169 or later for affected Acronis Cyber Protect 16 installations on Windows.
Details
- CWE(s)