Acronis is warning of a critical vulnerability, tracked as CVE-2023-45249 (CVSS score of 9.8), in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild.
ACI is a comprehensive IT solution designed to provide cyber protection and data management. It combines several key functionalities, including software-defined storage, software-defined networking, and advanced monitoring and management tools.
The company addressed the vulnerability at the end of 2023. Remote attackers can exploit the vulnerability to execute arbitrary code; the issue is due to the use of default passwords.
Affected products include:
The company addressed the vulnerability with the release of ACI versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2. The company urges customers to patch the issue as soon as possible.
“This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users,” reads the advisory published by the company. “This vulnerability is known to be exploited in the wild.”
Experts have issued a warning that attacks targeting ACI can pose significant risks to enterprises that depend on this solution. The exploitation of vulnerabilities in ACI could lead to serious issues, including data breaches, disruption of services, and potential financial losses. The critical nature of these vulnerabilities underscores the importance of timely updates and robust security measures for enterprises using ACI to safeguard their data and infrastructure.
The experts warn that attacks against ACI can cause severe problems to enterprises that rely on this solution.