Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.

Published

2024-07-24T14:15:04.867

Last Modified

2025-01-27T21:36:02.257

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-1393
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acronis	cyber_infrastructure	< 5.0.1-61	Yes
Application	acronis	cyber_infrastructure	< 5.1.1-71	Yes
Application	acronis	cyber_infrastructure	< 5.2.1-69	Yes
Application	acronis	cyber_infrastructure	< 5.3.1-53	Yes
Application	acronis	cyber_infrastructure	< 5.4.4-132	Yes

References

https://security-advisory.acronis.com/advisories/SEC-6452 Vendor Advisory ([email protected])
https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ Press/Media Coverage ([email protected])
https://security-advisory.acronis.com/advisories/SEC-6452 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)