Acronis warns of Cyber Infrastructure default password abused in attacks


July 26, 2024 at 12:46PM

Acronis warned customers to patch a critical Cyber Infrastructure security flaw allowing attackers to bypass authentication on vulnerable servers. The flaw, labeled CVE-2023-45249, impacts multiple Acronis Cyber Infrastructure products. Over 20,000 service providers and 750,000 businesses use Acronis Cyber Protect to protect their data. The company advises users to update immediately to prevent exploitation.

The key takeaways are:

1. Acronis has warned its customers about a critical security flaw in Acronis Cyber Infrastructure (ACI) that allows attackers to bypass authentication on vulnerable servers using default credentials.

2. Over 20,000 service providers use ACI to protect over 750,000 businesses across more than 150 countries.

3. The vulnerability, tracked as CVE-2023-45249, lets unauthenticated attackers gain remote code execution on unpatched ACI servers in low-complexity attacks.

4. The vulnerability impacts multiple products and has been exploited in attacks, prompting Acronis to issue a security advisory and urge admins to patch their installations immediately.

5. Acronis emphasizes the importance of keeping software up to date to maintain the security of its products, providing guidelines for support and security updates.

6. To check for vulnerabilities and update to the latest build of Acronis Cyber Protect, users are advised to follow specific steps, including finding the build number and downloading/installing the latest ACI build.

These takeaways summarize the critical security vulnerability, its impact, and the actions recommended by Acronis to address the issue promptly.
