Remote Cmd Exec via Default Passwords in Acronis Cyber Infra (ACI) <5.4.4-132
CVE-2023-45249 Published on July 24, 2024

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.


Known Exploited Vulnerability

This Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

The following remediation steps are recommended / required by August 19, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Type

CWE-1393

Products Associated with CVE-2023-45249


Affected Versions

Acronis Cyber Infrastructure (acronis cyber_infrastructure)

Exploit Probability

EPSS: 93.46%
Percentile: 99.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.