Security News > 2024 > July > Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
2024-07-29 12:38

CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers.

Acronis Cyber Infrastructure is an IT infrastructure solution that provides storage, compute, and network resources.

Upgrade ASAP. The vulnerability was fixed nine months ago in ACI v5.0 update 1.4, v5.1 update 1.2, v5.2 update 1.3, v5.3 update 1.3, and v5.4 update 4.2.

"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," the company added to the release notes for each of those updates, and published a security advisory last week.

Acronis says the vulnerability allows remote command execution, but did not share specifics or say whether the risk of exploitation can be mitigated by changing the default password.

We've asked Acronis to share more details, and will update this article when/if we receive a response.


News URL

https://www.helpnetsecurity.com/2024/07/29/cve-2023-45249/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2023-45249 Improper Authentication vulnerability in Acronis Cyber Infrastructure
Remote command execution due to use of default passwords.
network
low complexity
acronis CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Acronis 16 5 66 55 7 133