{"api_version":"1","generated_at":"2026-04-23T07:57:08+00:00","cve":"CVE-2024-34010","urls":{"html":"https://cve.report/CVE-2024-34010","api":"https://cve.report/api/cve/CVE-2024-34010.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-34010","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-34010"},"summary":{"title":"CVE-2024-34010","description":"Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.","state":"PUBLISHED","assigner":"Acronis","published_at":"2024-04-29 16:15:35","updated_at":"2026-04-10 14:16:24"},"problem_types":["CWE-428","CWE-428 CWE-428"],"metrics":[{"version":"3.0","source":"security@acronis.com","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.0","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","data":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}],"references":[{"url":"https://security-advisory.acronis.com/advisories/SEC-7110","name":"https://security-advisory.acronis.com/advisories/SEC-7110","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-34010","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34010","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect Cloud Agent","version":"affected unspecified 37758 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis Cyber Protect 16","version":"affected unspecified 38690 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image","version":"affected unspecified 42386 semver","platforms":["Windows"]},{"source":"CNA","vendor":"Acronis","product":"Acronis True Image OEM","version":"affected unspecified 42575 semver","platforms":["Windows"]},{"source":"ADP","vendor":"acronis","product":"cyber_protect_cloud_agent","version":"affected - build_37758 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"@cyberexplorer (https://hackerone.com/cyberexplorer)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"34010","cve":"CVE-2024-34010","epss":"0.000610000","percentile":"0.188950000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:57"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"cyber_protect_cloud_agent","vendor":"acronis","versions":[{"lessThan":"build_37758","status":"affected","version":"-","versionType":"custom"}]}],"metrics":[{"other":{"content":{"id":"CVE-2024-34010","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-04-29T16:59:36.817995Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-04T17:42:35.400Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-02T02:42:59.932Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"SEC-7110","tags":["vendor-advisory","x_transferred"],"url":"https://security-advisory.acronis.com/advisories/SEC-7110"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect Cloud Agent","vendor":"Acronis","versions":[{"lessThan":"37758","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis Cyber Protect 16","vendor":"Acronis","versions":[{"lessThan":"38690","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis True Image","vendor":"Acronis","versions":[{"lessThan":"42386","status":"affected","version":"unspecified","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Acronis True Image OEM","vendor":"Acronis","versions":[{"lessThan":"42575","status":"affected","version":"unspecified","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"@cyberexplorer (https://hackerone.com/cyberexplorer)"}],"descriptions":[{"lang":"en","value":"Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575."}],"metrics":[{"cvssV3_0":{"baseScore":8.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-428","description":"CWE-428","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-10T13:16:47.709Z","orgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","shortName":"Acronis"},"references":[{"name":"SEC-7110","tags":["vendor-advisory"],"url":"https://security-advisory.acronis.com/advisories/SEC-7110"}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"73dc0fef-1c66-4a72-9d2d-0a0f4012c175","assignerShortName":"Acronis","cveId":"CVE-2024-34010","datePublished":"2024-04-29T15:48:14.398Z","dateReserved":"2024-04-29T15:33:32.845Z","dateUpdated":"2026-04-10T13:16:47.709Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-04-29 16:15:35","lastModifiedDate":"2026-04-10 14:16:24","problem_types":["CWE-428","CWE-428 CWE-428"],"metrics":{"cvssMetricV30":[{"source":"security@acronis.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"34010","Ordinal":"1","Title":"CVE-2024-34010","CVE":"CVE-2024-34010","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"34010","Ordinal":"1","NoteData":"Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.","Type":"Description","Title":"CVE-2024-34010"}]}}}