Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials.
Acronis Cyber Protect (ACI) is a unified multi-tenant platform that combines remote endpoint management, backup, and virtualization capabilities and helps run disaster recovery workloads and store enterprise backup data securely.
Over 20,000 service providers use ACI to protect over 750,000 businesses across more than 150 countries, according to Acronis.
Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-45249) in low-complexity attacks that don’t require user interaction to gain remote code execution on unpatched ACI servers.
The CVE-2023-45249 flaw was patched nine months ago and impacts multiple products, including:
- Acronis Cyber Infrastructure (ACI) before build 5.0.1-61 (patched in ACI 5.0 update 1.4),
- Acronis Cyber Infrastructure (ACI) before build 5.1.1-71 (patched in ACI 5.1 update 1.2),
- Acronis Cyber Infrastructure (ACI) before build 5.2.1-69 (patched in ACI 5.2 update 1.3),
- Acronis Cyber Infrastructure (ACI) before build 5.3.1-53 (patched in ACI 5.3 update 1.3),
- Acronis Cyber Infrastructure (ACI) before build 5.4.4-132 (patched in ACI 5.4 update 4.2).
Earlier this week, the company confirmed in a new security advisory that the bug has been exploited in attacks and warned admins to patch their installation as soon as possible.
"This update contains fixes for 1 ctitical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," Acronis said.
"Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle.”
To check if your servers are vulnerable, you can find Acronis Cyber Protect's build number by going into the Help -> About dialog box from the software's main window.
To update ACI to the latest available build, you have to:
- Log in to your account (you can create one and register your licenses using these instructions).
- Download the latest ACI build in the "Products" section and install it on vulnerable servers.
Related Articles:
Progress warns of critical RCE bug in Telerik Report Server
RCE bug in widely used Ghostscript library now exploited in attacks
SolarWinds fixes 8 critical bugs in access rights audit software
Critical Cisco bug lets hackers add root users on SEG devices
New regreSSHion OpenSSH RCE bug gives root on Linux servers
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________