Lucene search
CVE-2023-45249
🗓️ 24 Jul 2024 14:04:15Reported by AcronisType 
cve🔗 web.nvd.nist.gov📰️ 20 Media mentions👁 134 Views🌐 WEB
Remote command execution due to default passwords in Acronis Cyber Infrastructure (ACI) product
Show more
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Acronis Cyber Infrastructure Default Password Remote Code Execution | 3 Oct 202400:00 | – | packetstorm |
 | Acronis Cyber Infrastructure 5.1.x < 5.1.1-71 / 5.2.x < 5.2.1-69 / 5.3.x < 5.3.1-53 / 5.4.x < 5.4.4-132 / < 5.0.1-61 (SEC-6452) | 23 Aug 202400:00 | – | nessus |
 | Acronis Cyber Infrastructure default password remote code execution | 15 Sep 202419:47 | – | metasploit |
 | CVE-2023-45249 | 24 Jul 202414:15 | – | nvd |
 | Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild | 29 Jul 202416:17 | – | thn |
 | CVE-2023-45249 | 24 Jul 202414:03 | – | vulnrichment |
 | CVE-2023-45249 | 24 Jul 202414:03 | – | cvelist |
 | Acronis Cyber Infrastructure Default Password Remote Code Execution Exploit | 3 Oct 202400:00 | – | zdt |
 | CVE-2023-45249 | 24 Jul 202400:00 | – | attackerkb |
 | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | 29 Jul 202400:00 | – | cisa_kev |
10
Node
OROROROR
[
{
"vendor": "Acronis",
"product": "Acronis Cyber Infrastructure",
"platforms": [
"ACI"
],
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "5.0.1-61",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Acronis",
"product": "Acronis Cyber Infrastructure",
"platforms": [
"ACI"
],
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "5.1.1-71",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Acronis",
"product": "Acronis Cyber Infrastructure",
"platforms": [
"ACI"
],
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "5.2.1-69",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Acronis",
"product": "Acronis Cyber Infrastructure",
"platforms": [
"ACI"
],
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "5.3.1-53",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Acronis",
"product": "Acronis Cyber Infrastructure",
"platforms": [
"ACI"
],
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "5.4.4-132",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Source | Link |
|---|---|
| security-advisory | www.security-advisory.acronis.com/advisories/SEC-6452 |
| securityweek | www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | request body | /api/v2/login | Acronis Cyber Infrastructure allows remote command execution due to default password vulnerability leading to unauthorized access. | CWE-287 |
| password | request body | /api/v2/login | Acronis Cyber Infrastructure allows remote command execution due to default password vulnerability leading to unauthorized access. | CWE-287 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo24 Jul 2024 14:15Current
7.3High risk
Vulners AI Score7.3
CVSS39.8
EPSS0.89671