Cybersecurity and data protection technology company Acronis last week warned that threat actors are exploiting a critical-severity vulnerability patched nine months ago.
Tracked as CVE-2023-45249 (CVSS score of 9.8), the security defect impacts Acronis Cyber Infrastructure (ACI) and allows threat actors to execute arbitrary code remotely due to the use of default passwords.
According to the company, the bug impacts ACI releases before build 5.0.1-61, build 5.1.1-71, build 5.2.1-69, build 5.3.1-53, and build 5.4.4-132.
Last year, Acronis patched the vulnerability with the release of ACI versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2.
“This vulnerability is known to be exploited in the wild,” Acronis noted in an advisory update last week, without providing further details on the observed attacks, but urging all customers to apply the available patches as soon as possible.
Previously Acronis Storage and Acronis Software-Defined Infrastructure (SDI), ACI is a multi-tenant, hyper-converged cyber protection platform that offers storage, compute, and virtualization capabilities to businesses and service providers.
The solution can be installed on bare-metal servers to unite them in a single cluster for easy management, scaling, and redundancy.
Given the critical importance of ACI within enterprise environments, attacks exploiting CVE-2023-45249 to compromise unpatched instances could have dire consequences for the victim organizations.
Last year, a hacker published an archive file allegedly containing 12Gb of backup configuration data, certificate files, command logs, archives, system configurations and information logs, and scripts stolen from an Acronis customer’s account.
“The CISA added CVE-2023-45249 to the list of known exploited vulnerabilities. Acronis identified the vulnerability nine months ago, and a security patch was released immediately. Customers running the older version of Acronis Cyber Infrastructure impacted by the vulnerability were promptly informed, provided a patch and recommended upgrading to the new version. Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image customers were not affected by the vulnerability,” an Acronis spokesperson told SecurityWeek.
*Updated with statement from Acronis.
Related: Organizations Warned of Exploited Twilio Authy Vulnerability
Related: Recent Adobe Commerce Vulnerability Exploited in Wild
Related: Apache HugeGraph Vulnerability Exploited in Wild
Related: Windows Event Log Vulnerabilities Could Be Exploited to Blind Security Products
