Remote command execution in Acronis Cyber Infrastructure due to the use of default passwords

ISGroup Cybersecurity

A critical authentication bypass vulnerability in Acronis Cyber Infrastructure, identified as CVE-2023-45249, is currently being actively exploited. With a CVSS score of 9.8, this vulnerability allows an unauthenticated remote attacker to potentially execute arbitrary code on affected systems. Exploitation can occur if an attacker uses default credentials.

ProductAcronis Cyber Infrastructure
Date2024-08-08 10:48:18

Technical Summary

A critical authentication bypass vulnerability in Acronis Cyber Infrastructure, identified as CVE-2023-45249, is currently being actively exploited. With a CVSS score of 9.8, this vulnerability allows an unauthenticated remote attacker to potentially execute arbitrary code on affected systems. Exploitation can occur if an attacker uses default credentials.

[Callforaction-THREAT-Footer]