Acronis warns of Cyber Infrastructure default password abused in attacks


Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials.

Acronis Cyber Infrastructure (ACI) is a unified multi-tenant platform for cyber protection that combines remote endpoint management, backup, and virtualization capabilities. It’s also designed to run disaster recovery workloads and store enterprise backup data securely.

Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-45249) in low-complexity attacks that don’t require user interaction to gain remote code execution on unpatched ACI servers.

The CVE-2023-45249 flaw was patched nine months ago and impacts multiple products, including:

  • Acronis Cyber Infrastructure (ACI) before build 5.0.1-61 (patched in ACI 5.0 update 1.4),
  • Acronis Cyber Infrastructure (ACI) before build 5.1.1-71 (patched in ACI 5.1 update 1.2),
  • Acronis Cyber Infrastructure (ACI) before build 5.2.1-69 (patched in ACI 5.2 update 1.3),
  • Acronis Cyber Infrastructure (ACI) before build 5.3.1-53 (patched in ACI 5.3 update 1.3),
  • Acronis Cyber Infrastructure (ACI) before build 5.4.4-132 (patched in ACI 5.4 update 4.2).

Earlier this week, the company confirmed in a new security advisory that the bug has been exploited in attacks and warned admins to patch their installation as soon as possible.

“This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild,” Acronis said.

“Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle.”

To check if your servers are vulnerable, you can find Acronis Cyber Infrastructure’s build number by going into the Help -> About dialog box from the software’s main window.
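A build-number check against the list above, as an added example (not Acronis or BleepingComputer code). It assumes builds are written `major.minor.patch-build` as in the article; the host names and inventory are constructed sample values.

```python
import re

# First fixed build per ACI release branch, copied from the list in the article.
FIXED_BUILDS = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

# Assumed format: major.minor.patch-build, e.g. "5.4.4-132".
BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def assess(build_text):
    """Classify one build string against the fixed builds for CVE-2023-45249."""
    match = BUILD_RE.match(build_text)
    if match is None:
        return "unparseable"
    build = tuple(int(part) for part in match.groups())
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None:
        # The article lists no fixed build for this branch; check the advisory.
        return "unlisted-branch"
    # Compare as integers: as strings, "99" would sort after "132".
    return "vulnerable" if build < fixed else "patched"


def triage(inventory):
    """Return {status: [hosts]} for a {host: build string} inventory."""
    report = {}
    for host, build_text in sorted(inventory.items()):
        report.setdefault(assess(build_text), []).append(host)
    return report


# Constructed inventory; host names and builds are sample values.
SAMPLE_INVENTORY = {
    "aci-node-01": "5.4.4-132",
    "aci-node-02": "5.4.4-99",
    "aci-node-03": "5.2.1-69",
    "aci-node-04": "5.0.1-40",
    "aci-node-05": "4.7.0-12",
    "aci-node-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unlisted-branch` or `unparseable` need a manual check against the vendor advisory, since the article gives no fixed build for them.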

To update ACI to the latest available build, you have to:

  1. Log in to your account (you can create one and register your licenses using these instructions).
  2. Download the latest ACI build in the “Products” section and install it on vulnerable servers.

Acronis shared the following statement about the flaw with BleepingComputer.

“CVE-2023-45249 pertains to a remote command execution vulnerability due to the use of default passwords. The Acronis security team has conducted a thorough analysis and assessed the critical risk level.

We have already implemented a patch to address this issue; the patch has been released and deployed. We have advised customers to upgrade to the latest version of Acronis Cyber Infrastructure (ACI) in order to fix the vulnerability.

The patch and fix were made available 9 months ago when the vulnerability was first detected. Customers should follow patch protocols posted here: https://security-advisory.acronis.com/advisories/SEC-6452.”
