A critical security vulnerability [1] [3] [4], identified as CVE-2023-45249 and rated with a CVSS score of 9.8, has been discovered in Acronis Cyber Infrastructure (ACI) versions 5.0 to 5.4.
Description
This vulnerability allows remote attackers to execute arbitrary code by exploiting a default password [6]. It has been actively exploited in the wild [1], with reports of potential cryptojacking and ransomware attacks. Updates have been released for ACI versions 5.0 through 5.4 [1] [4] [6]: the patches are included in versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4 [4], and 5.1 update 1.2 [1] [4], which were made available in late October 2023. Acronis advises immediate installation of these updates to mitigate the risk of exploitation [1]. Vulnerable instances can be identified by their build number in the “About” dialog box [2] [5].
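One way to triage an inventory against the fixed updates listed above, as an added example that is not Acronis code. The version-string notation ("5.4 update 4.2"), the hostnames and the function names are assumptions; the build numbers shown in the "About" dialog are not given on this page, so the check works on update levels only.

```python
import re

# First patched update per branch, taken from the list in the text above.
FIXED = {(5, 0): (1, 4), (5, 1): (1, 2), (5, 2): (1, 3), (5, 3): (1, 3), (5, 4): (4, 2)}

# Assumed inventory notation: "<major>.<minor>" optionally followed by "update <a>.<b>".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+update\s+(\d+(?:\.\d+)*))?\s*$", re.I)


def classify(version: str) -> str:
    """Return 'patched', 'vulnerable', 'out-of-scope' or 'unparsed' for one version string."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"          # never guess: surface for manual review
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in FIXED:
        return "out-of-scope"      # the page only covers branches 5.0 to 5.4
    # No "update" suffix means the base release, which predates every fix.
    update = tuple(int(p) for p in m.group(3).split(".")) if m.group(3) else (0,)
    # Tuples compare numerically, so "update 1.10" is correctly newer than "update 1.4".
    return "patched" if update >= FIXED[branch] else "vulnerable"


def triage(inventory: dict) -> dict:
    """Group hosts by status so vulnerable and unparsed entries can be actioned first."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory; hostnames and version strings are illustrative only.
SAMPLE = {
    "aci-01": "5.4 update 4.2",
    "aci-02": "5.4 update 4.1",
    "aci-03": "5.2",
    "aci-04": "5.0 update 1.10",
    "aci-05": "9.9",
    "aci-06": "build unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` should be checked by hand rather than assumed patched.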
Conclusion
It is crucial for users to keep their software up to date to ensure security and protect against potential attacks. Immediate installation of the updates is recommended to mitigate the risk of exploitation and safeguard systems from unauthorized access and malicious activities.
References
[1] https://www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
[2] https://www.msspalert.com/brief/acronis-cyber-infrastructure-intrusions-exploit-default-credentials
[3] https://www.heise.de/news/Jetzt-patchen-Schadcode-Attacken-auf-Acronis-Cyber-Infrastructure-beobachtet-9816667.html
[4] https://thehackernews.com/2024/07/critical-flaw-in-acronis-cyber.html
[5] https://www.scmagazine.com/brief/ongoing-acronis-cyber-infrastructure-intrusions-exploit-default-credentials
[6] https://securityaffairs.com/166277/hacking/acronis-cyber-infrastructure-bug-exploited.html