PT-2025-3129 · Acronis · Acronis Cyber Protect Cloud Agent+1
Published
2025-01-02
·
Updated
2025-01-03
·
CVE-2024-55542
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Acronis Cyber Protect 16 versions prior to build 39169
Acronis Cyber Protect Cloud Agent versions prior to build 35895
Description
The issue is related to local privilege escalation due to excessive permissions assigned to the Tray Monitor service. This allows for an escalation of privileges locally.
Recommendations
For Acronis Cyber Protect 16 versions prior to build 39169, update to a version after build 39169 to resolve the issue.
For Acronis Cyber Protect Cloud Agent versions prior to build 35895, update to a version after build 35895 to resolve the issue.
As a temporary workaround, consider restricting access to the Tray Monitor service until a patch is available.
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acronis Cyber Protect 16
Acronis Cyber Protect Cloud Agent