July 29, 2024 at 08:18AM
Acronis warned of threat actors exploiting a critical vulnerability (CVE-2023-45249) in Acronis Cyber Infrastructure. The defect allows arbitrary code execution due to default passwords and impacts ACI releases before certain builds. The company urged customers to apply available patches promptly, emphasizing the potential dire consequences of unpatched instances.
Key takeaways:
1. Acronis warned about the exploitation of a critical-severity vulnerability (CVE-2023-45249) in its Cyber Infrastructure (ACI) product, which allows threat actors to execute arbitrary code remotely due to the use of default passwords.
2. The vulnerability impacts ACI releases before build 5.0.1-61, build 5.1.1-71, build 5.2.1-69, build 5.3.1-53, and build 5.4.4-132. Acronis released patches for this vulnerability in ACI versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2.
3. The vulnerability is known to be exploited in the wild, and all customers are urged to apply the available patches as soon as possible.
4. ACI is a multi-tenant, hyper-converged cyber protection platform that offers storage, compute, and virtualization capabilities to businesses and service providers.
5. Given the significance of ACI in enterprise environments, unpatched instances could have dire consequences if exploited.
6. Last year, there was an incident where a hacker published an archive file containing confidential data stolen from an Acronis customer’s account.
7. There are also related warnings about other vulnerabilities being exploited in the wild, including Twilio Authy, Adobe Commerce, Apache HugeGraph, and Windows Event Log vulnerabilities.
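To act on the fixed builds listed in takeaway 2, the following added example (not Acronis code) triages an inventory of ACI build strings against those per-branch thresholds. It assumes build strings have the `X.Y.Z-N` form used above and that the operator has already collected them; the host names and function names are hypothetical.

```python
import re

# Fixed builds per release branch, taken from takeaway 2 above.
FIXED_BUILDS = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

# Accepts "5.2.1-69" or "build 5.2.1-69" (assumed format, as written on this page).
_BUILD_RE = re.compile(r"^\s*(?:build\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)\s*$", re.I)


def parse_build(text):
    """Parse a build string into a 4-tuple of ints so comparison is numeric."""
    m = _BUILD_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(build_text):
    """Return 'vulnerable', 'patched', or 'unknown' for one build string."""
    build = parse_build(build_text)
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None:
        # Branch not listed on this page: do not guess, flag for manual review.
        return "unknown"
    # Tuple comparison avoids the string-compare trap where "9" sorts after "69".
    return "vulnerable" if build < fixed else "patched"


def triage(inventory):
    """Map host -> status; unparsable build strings are reported as 'unknown'."""
    result = {}
    for host, build_text in inventory.items():
        try:
            result[host] = assess(build_text)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hosts and builds are illustrative only.
    sample = {"aci-01": "5.2.1-9", "aci-02": "5.4.4-132", "aci-03": "4.7.1-10"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check against the vendor advisory rather than being treated as safe.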