Security News > 2024 > July > Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers.
Acronis Cyber Infrastructure is an IT infrastructure solution that provides storage, compute, and network resources.
Upgrade ASAP. The vulnerability was fixed nine months ago in ACI v5.0 update 1.4, v5.1 update 1.2, v5.2 update 1.3, v5.3 update 1.3, and v5.4 update 4.2.
"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," the company added to the release notes for each of those updates, and published a security advisory last week.
Acronis says the vulnerability allows remote command execution, but did not share specifics or say whether the risk of exploitation can be mitigated by changing the default password.
We've asked Acronis to share more details, and will update this article when/if we receive a response.
News URL
https://www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
Related news
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) (source)
- CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Despite Russia warnings, Western critical infrastructure remains unprepared (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2023-45249 | Improper Authentication vulnerability in Acronis Cyber Infrastructure Remote command execution due to use of default passwords. | 9.8 |