CVE-2024-8766: 
Acronis Cyber Protect vulnerability analysis and mitigation

A local privilege escalation vulnerability due to DLL hijacking was discovered in Acronis products. The vulnerability affects Acronis Cyber Protect Cloud Agent (Windows) versions before build 38235 and Acronis Cyber Protect 16 (Windows) versions before build 39169. This vulnerability was assigned CVE-2024-8766 and was first reported on September 16, 2024 (NVD, CVE).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element). According to the CVSS 3.0 scoring system, it has received a base score of 6.7 (MEDIUM) with the following vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, low privileges, and user interaction to exploit (NVD).

If successfully exploited, this vulnerability could lead to local privilege escalation, potentially allowing an attacker to gain elevated system privileges. The CVSS scoring indicates high potential impact on confidentiality, integrity, and availability of the affected systems (NVD).

Users of affected products should upgrade to Acronis Cyber Protect Cloud Agent (Windows) build 38235 or later, and Acronis Cyber Protect 16 (Windows) build 39169 or later (NVD).