Swiss cybersecurity experts Acronis are urging their customers to apply a patch that was issued nine months ago, since it fixes a flaw that is now actively being abused in the wild.
The vulnerability is described as a “remote command execution due to use of default passwords” flaw and, as the name suggests, allows attackers to authenticate and run malicious code on vulnerable servers remotely.
The bug is tracked as CVE-2023-45249 and carries a severity score of 9.8 (critical) according to the NVD.
Multiple versions affected
It was found in Acronis Cyber Infrastructure (ACI), a software-defined infrastructure solution designed to provide secure and efficient storage, compute, and networking resources. It integrates with Acronis Cyber Protection solutions, thus offering a comprehensive approach to data protection and disaster recovery.
The platform supports diverse workloads and is optimized for performance, reliability, and ease of management. The company claims more than 20,000 service providers are using ACI, protecting more than 750,000 organizations in 150 countries.
The flaw was found on multiple versions of ACI, including builds older than 5.0.1-61 (patched in ACI 5.0 update 1.4), 5.1.1-71 (patched in ACI 5.1 update 1.2), 5.2.1-69 (patched in ACI 5.2 update 1.3), 5.3.1-53 (patched in ACI 5.3 update 1.3), and 5.4.4-132 (patched in ACI 5.4 update 4.2). In a security advisory, published last week, the company confirmed the bug being abused in the wild:
“This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild,” Acronis said.
“Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle.”
Via BleepingComputer
