Acronis Releases Critical Security Advisory - 20240729001

Overview

Acronis has released a critical advisory related to a vulnerability found in their Acronis Cyber Infrastructure (ACI) product that could allow attackers to bypass authentication on vulnerable servers using default credentials.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Acronis Cyber Infrastructure (ACI)	5.0.1 before build -61 5.1.1 before build -71 5.2.1 before build -69 5.3.1 before build -53 5.4.4 before build -132	CVE-2023-45249	9.8	Critical

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):

• Acronis advisory: https://security-advisory.acronis.com/advisories/SEC-6452

Additional References

• BleepingComputer article: https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/