July 29, 2024 at 01:25PM
Cybersecurity company Acronis warns of a critical security flaw, CVE-2023-45249, in its Cyber Infrastructure product, allowing remote code execution due to default passwords. Versions 5.0.1-61 to 5.4.4-132 are affected, with updates released in late October 2023. The exploit has been observed in the wild, urging affected users to update for protection against potential threats.
From the meeting notes, the key takeaways are:
– Acronis Cyber Infrastructure (ACI) has been affected by a critical security flaw, tracked as CVE-2023-45249 with a CVSS score of 9.8.
– The vulnerability involves remote code execution due to the use of default passwords and impacts several versions of ACI.
– The flaw has been addressed in updated versions released in late October 2023.
– Although details on how the vulnerability is being exploited in cyber attacks are currently unknown, reports of active exploitation have been acknowledged.
– Users of affected versions are advised to update to the latest version to mitigate potential threats.