CVE-2024-55542 is a local privilege escalation vulnerability identified in Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent on Linux, macOS, and Windows platforms. The root cause is excessive permissions assigned to the Tray Monitor service, which is a component responsible for monitoring and managing the Acronis protection environment. Due to improper access control, a local attacker with limited privileges can exploit this flaw to gain higher-level privileges on the affected system. This vulnerability is classified under CWE-266, which relates to improper permissions or access control. The CVSS 3.0 base score of 4.4 reflects that the attack vector is local, requires low complexity, and privileges are required but no user interaction is needed. The impact includes potential unauthorized access to sensitive data and modification of system or application configurations, compromising confidentiality and integrity. Availability is not impacted. The vulnerability affects all three major operating systems supported by Acronis Cyber Protect products, increasing the scope of affected environments. No public exploits or active exploitation in the wild have been reported to date. The affected versions are those prior to build 39169 for Acronis Cyber Protect 16 and build 35895 for the Cloud Agent. The vendor has not yet published patches but the issue is tracked and recognized by CISA, indicating the importance of timely remediation. This vulnerability is particularly concerning for organizations that rely on Acronis Cyber Protect for backup and cybersecurity, as privilege escalation can undermine the security posture and potentially lead to further compromise.

The primary impact of CVE-2024-55542 is the potential for local attackers to escalate privileges from a limited user account to higher-privileged accounts, possibly administrative or system-level. This can lead to unauthorized access to sensitive data, modification or disabling of security controls, and persistence mechanisms that undermine the integrity of the protected environment. While availability is not directly affected, the compromise of confidentiality and integrity can have severe consequences, including data breaches, tampering with backup data, or disabling protection mechanisms. Organizations with multiple users having local access or those that allow less trusted users on endpoints are at increased risk. Since the vulnerability affects multiple operating systems, it broadens the attack surface. The absence of known exploits in the wild currently reduces immediate risk, but the medium severity rating and the nature of privilege escalation make this a significant concern for enterprise environments, especially those in regulated industries or with critical infrastructure. Failure to address this vulnerability could facilitate lateral movement and deeper compromise in targeted attacks.

Organizations should implement the following specific mitigations: 1) Monitor and restrict local user permissions rigorously, ensuring that only trusted users have local access to systems running Acronis Cyber Protect products. 2) Apply principle of least privilege to all user accounts and services to minimize the risk of privilege escalation. 3) Once available, promptly apply vendor patches or updated builds (build 39169 or later for Cyber Protect 16 and build 35895 or later for Cloud Agent). 4) Audit and harden the permissions of the Tray Monitor service manually if possible, by reviewing service permissions and adjusting them to the minimum necessary. 5) Employ endpoint detection and response (EDR) tools to detect unusual privilege escalation attempts or suspicious activity related to Acronis services. 6) Limit the installation of Acronis Cyber Protect products to systems where local user access can be tightly controlled. 7) Maintain up-to-date backups and verify their integrity to mitigate potential impacts of compromise. 8) Educate system administrators and security teams about this vulnerability and monitor vendor advisories for updates or additional mitigations.