Acronis Alerts Users on Cyber Infrastructure Default Password Exploitation

July 26, 2024

Acronis has alerted its customers to a critical security vulnerability in its Cyber Infrastructure that could allow attackers to bypass server authentication using default credentials. The Cyber Infrastructure is part of Acronis Cyber Protect (ACI), a unified platform that combines capabilities such as remote endpoint management, backup, and virtualization. This platform assists in running disaster recovery workloads and securely storing enterprise backup data. According to Acronis, over 20,000 service providers use ACI to protect more than 750,000 businesses in over 150 countries.

The vulnerability, identified as CVE-2023-45249, can be exploited by unauthenticated attackers in low-complexity attacks, without the need for user interaction. Successful exploitation could result in remote code execution on unpatched ACI servers. This flaw, which was patched nine months ago, affects multiple products.

Acronis confirmed earlier this week in a new security advisory that the bug has been exploited in attacks. The company has urged administrators to patch their installations as soon as possible. The company was quoted as saying, 'This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild.' They added, 'Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle.'

Users can check if their servers are vulnerable by locating the build number of Acronis Cyber Protect, which can be found in the Help -> About dialog box from the software's main window. To update ACI to the latest available build, users are required to follow the guidelines provided by Acronis.
