Acronis warns of Cyber Infrastructure default password abused in attacks
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials.
Acronis Cyber Protect (ACI) is a unified multi-tenant platform that combines remote endpoint management, backup, and virtualization capabilities and helps run disaster recovery workloads and store enterprise backup data securely.
Over 20,000 service providers use ACI to protect over 750,000 businesses across more than 150 countries, according to Acronis.
Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-45249) in low-complexity attacks that don't require user interaction to gain remote code execution on unpatched ACI servers.
The CVE-2023-45249 flaw was patched nine months ago and impacts multiple products, including:
- Acronis Cyber Infrastructure (ACI) before build 5.0.1-61 (patched in ACI 5.0 update 1.4),
- Acronis Cyber Infrastructure (ACI) before build 5.1.1-71 (patched in ACI 5.1 update 1.2),
- Acronis Cyber Infrastructure (ACI) before build 5.2.1-69 (patched in ACI 5.2 update 1.3),
- Acronis Cyber Infrastructure (ACI) before build 5.3.1-53 (patched in ACI 5.3 update 1.3),
- Acronis Cyber Infrastructure (ACI) before build 5.4.4-132 (patched in ACI 5.4 update 4.2).
Earlier this week, the company confirmed in a new security advisory that the bug has been exploited in attacks and warned admins to patch their installation as soon as possible.
"This update contains fixes for 1 ctitical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," Acronis said.
"Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle."
To check if your servers are vulnerable, you can find Acronis Cyber Protect's build number by going into the Help -> About dialog box from the software's main window.
To update ACI to the latest available build, you have to:
- Log in to your account (you can create one and register your licenses using these instructions).
- Download the latest ACI build in the "Products" section and install it on vulnerable servers.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024