Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild

2024-07-29 16:17:00
The Hacker News
thehackernews.com
Tags: acronis cyber infrastructure, exploited, vulnerability, remote code execution, default passwords, security advisory, cybersecurity company, cve-2023-45249, threat actors, real-world attacks, mitigation, update

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 9.8
Confidence: High
EPSS: 0.122
Percentile: 95.5%

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.

The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.

The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI):

  • < build 5.0.1-61
  • < build 5.1.1-71
  • < build 5.2.1-69
  • < build 5.3.1-53
  • < build 5.4.4-132

It has been addressed in versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2 released in late October 2023.

There are currently no details on how the vulnerability is being weaponized in real-world cyber attacks or on the identity of the threat actors that may be exploiting it.

However, the Swiss-headquartered company acknowledged reports of active exploitation in an updated advisory last week. “This vulnerability is known to be exploited in the wild,” it said.

Users of affected versions of ACI are recommended to update to the latest version to mitigate potential threats.

Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2023-45249 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw by August 19, 2024.

In a statement shared with The Hacker News following the publication of the story, Acronis said that the vulnerability was discovered and patched nine months ago.

“Customers running the older version of Acronis Cyber Infrastructure impacted by the vulnerability were promptly informed, provided a patch and recommended upgrading to the new version,” it said. “Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image customers were not affected by the vulnerability.”

“The Acronis support team received a request from a customer of Acronis Cyber Infrastructure about performance degradation. During the initial investigation, the Acronis team discovered crypto-mining software. After a prompt investigation by the security team, the vulnerability used to install the crypto-mining software was discovered, and a patch was released and delivered to the customer.”

(The story was updated after publication to include details of exploitation activity shared by Acronis.)
