
Acronis, a well-known cybersecurity company, has issued an urgent warning about a critical security flaw in its Cyber Infrastructure (ACI) product that has been actively exploited in the wild. The vulnerability, identified as CVE-2023-45249, carries a CVSS score of 9.8 because default passwords can be used to achieve remote code execution.
Understanding the Vulnerability
The flaw affects the following Acronis Cyber Infrastructure builds:
- builds before 5.0.1-61
- builds before 5.1.1-71
- builds before 5.2.1-69
- builds before 5.3.1-53
- builds before 5.4.4-132
These versions have been patched in updates released in late October 2023, specifically:
- 5.4 update 4.2
- 5.2 update 1.3
- 5.3 update 1.3
- 5.0 update 1.4
- 5.1 update 1.2
The Exploitation in the Wild
Although detailed information on the exploitation methods and the identities of the threat actors remains undisclosed, Acronis has confirmed reports of active exploitation. In an updated advisory, the Swiss-headquartered company stated, “This vulnerability is known to be exploited in the wild.” This acknowledgment underscores the urgency for users of affected versions to update their systems immediately.
Governmental Response
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also responded by adding CVE-2023-45249 to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion requires Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw by August 19, 2024, highlighting the severity and potential impact of this vulnerability.
Acronis Cyber Infrastructure Overview
Acronis Cyber Infrastructure (ACI) is a comprehensive multi-tenant platform designed to integrate remote endpoint management, backup, and virtualization capabilities. It is widely used for running disaster recovery workloads and securely storing enterprise backup data. According to Acronis, over 20,000 service providers use ACI to protect more than 750,000 businesses across 150 countries.
The Scope of the Vulnerability
CVE-2023-45249 allows unauthenticated attackers to use default credentials in low-complexity attacks, enabling remote code execution on unpatched ACI servers. The flaw was patched nine months ago and affects the following ACI releases:
- ACI before build 5.0.1-61 (patched in ACI 5.0 update 1.4)
- ACI before build 5.1.1-71 (patched in ACI 5.1 update 1.2)
- ACI before build 5.2.1-69 (patched in ACI 5.2 update 1.3)
- ACI before build 5.3.1-53 (patched in ACI 5.3 update 1.3)
- ACI before build 5.4.4-132 (patched in ACI 5.4 update 4.2)
Earlier this week, Acronis reaffirmed the urgency in a new security advisory, urging administrators to patch their installations immediately. “This update contains fixes for one critical severity security vulnerability and should be installed immediately by all users,” the company emphasized. “Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle.”

Steps to Ensure Security
To check whether your servers are vulnerable, verify the Acronis Cyber Protect build number by navigating to the Help -> About dialog box from the software’s main window. Updating to the latest build involves:
- Logging into your Acronis account (users can create an account and register their licenses using provided instructions).
- Downloading the latest ACI build from the “Products” section.
- Installing the update on vulnerable servers.
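A build-number triage for the check described above, as an added example (not Acronis code): it compares build strings collected from each server against the fixed builds listed on this page. The host names and sample builds are constructed, and the component-by-component numeric ordering of builds within a release line is an assumption.

```python
import re

# Fixed builds per release line, taken from the list on this page.
FIXED_BUILDS = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

# Accepts "5.4.4-132" or "build 5.4.4-132" as copied from an About dialog.
BUILD_RE = re.compile(r"^\s*(?:build\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)\s*$", re.I)


def parse_build(text):
    """Turn 'major.minor.patch-build' into a tuple of ints."""
    match = BUILD_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'vulnerable', 'patched', 'unknown' or 'invalid'."""
    try:
        build = parse_build(text)
    except ValueError:
        return "invalid"
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None:
        return "unknown"  # release line not covered by the page's list
    # Integer comparison: as strings, "5.1.1-9" would sort after "5.1.1-71".
    return "vulnerable" if build < fixed else "patched"


def triage(inventory):
    """Group host names by status so unpatched servers stand out."""
    report = {}
    for host, build in inventory.items():
        report.setdefault(classify(build), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory: host name -> build string read from the server.
SAMPLE = {"aci-01": "5.4.4-131", "aci-02": "build 5.4.4-132",
          "aci-03": "5.1.1-9", "aci-04": "5.5.0-10", "aci-05": "n/a"}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" or "invalid" need a manual check against the vendor advisory, since the list above covers only the 5.0 to 5.4 release lines.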
The Larger Picture
This incident highlights the ongoing challenges in cybersecurity, particularly the risks posed by default passwords and unpatched systems. As cyber threats continue to evolve, the importance of timely updates and vigilant security practices cannot be overstated. Acronis’s quick response and the subsequent actions by CISA underscore a coordinated effort to mitigate such vulnerabilities and protect critical infrastructure.
Conclusion
The CVE-2023-45249 vulnerability in Acronis Cyber Infrastructure is a stark reminder of the persistent and evolving nature of cyber threats. Organizations using ACI must prioritize updating their systems to safeguard against potential exploitation. Staying informed about such vulnerabilities and ensuring timely patches are applied is crucial in maintaining robust cybersecurity defenses. Acronis and CISA’s actions serve as a critical reminder for all organizations to remain vigilant and proactive in their cybersecurity efforts.