Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers.
Acronis Cyber Infrastructure is an IT infrastructure solution that provides storage, compute, and network resources.
Upgrade ASAP. The vulnerability was fixed nine months ago in ACI v5.0 update 1.4, v5.1 update 1.2, v5.2 update 1.3, v5.3 update 1.3, and v5.4 update 4.2.
"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," the company added to the release notes for each of those updates, and published a security advisory last week.
Acronis says the vulnerability allows remote command execution, but did not share specifics or say whether the risk of exploitation can be mitigated by changing the default password.
We've asked Acronis to share more details, and will update this article when/if we receive a response.
News URL
https://www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2023-45249 | Improper Authentication vulnerability in Acronis Cyber Infrastructure. Remote command execution due to use of default passwords. | 9.8 |