Security News > 2024 > July > Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers.
Acronis Cyber Infrastructure is an IT infrastructure solution that provides storage, compute, and network resources.
Upgrade ASAP. The vulnerability was fixed nine months ago in ACI v5.0 update 1.4, v5.1 update 1.2, v5.2 update 1.3, v5.3 update 1.3, and v5.4 update 4.2.
"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," the company added to the release notes for each of those updates, and published a security advisory last week.
Acronis says the vulnerability allows remote command execution, but did not share specifics or say whether the risk of exploitation can be mitigated by changing the default password.
We've asked Acronis to share more details, and will update this article when/if we receive a response.
News URL
https://www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2023-45249 | Improper Authentication vulnerability in Acronis Cyber Infrastructure Remote command execution due to use of default passwords. | 9.8 |