Acronis Cyber Infrastructure Vulnerable to Remote Command Execution Due to Default Passwords
CVE-2023-45249

9.8 CRITICAL

Key Information:

Vendor: Acronis

CVE Published: 24 July 2024

Badges

  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 89%
  • 🦅 CISA Reported
  • 📰 News Worthy

Summary

The vulnerability CVE-2023-45249 affects Acronis Cyber Infrastructure (ACI) and allows for remote command execution due to the use of default passwords. This vulnerability has been exploited in the wild, and threat actors taking advantage of it do not require authentication or user interaction. The impacted versions of ACI are 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132. The vendor, Acronis, has issued updates to mitigate this vulnerability and recommends that all users install the updates immediately. The company has not provided specific details on the nature of the attacks or how to mitigate the risk of exploitation. However, the potential impact could involve remote code execution, with possible implications for cryptojacking and ransomware attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited in the wild, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

  • Acronis Cyber Infrastructure ACI < 5.0.1-61
  • Acronis Cyber Infrastructure ACI < 5.1.1-71
  • Acronis Cyber Infrastructure ACI < 5.2.1-69

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CISA warns of three critical exploited vulnerabilities

Vulnerabilities identified in workplace and cybersecurity products offered by ServiceNow and Acronis

Ongoing Acronis Cyber Infrastructure intrusions exploit default credentials

Threat actors exploiting the flaw, tracked as CVE-2023-45249, could facilitate remote code execution without any authentication or user interaction in Acronis Cyber Protect instances.

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) - Help Net Security

CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited in the wild.

References

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

  • Score: 9.8
  • Severity: CRITICAL
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • 📰 First article discovered by BleepingComputer
  • Vulnerability published
  • Vulnerability Reserved