Remote Code Execution – Acronis Cyber Infrastructure (CVE-2023-45249)

Due to the use of default passwords, a remote unauthenticated attacker can gain access to an Acronis Cyber Infrastructure (ACI) server and execute arbitrary code.
ACI is a hyperconverged platform for storage, backup, computing, virtualization and networking.
🔻 Patches that fix this vulnerability were released on October 30, 2023 (❗️).
🔻 After 9-10 months, on July 24 of this year, Acronis noted in a bulletin that the vulnerability was exploited in the wild. The purpose of exploitation was to install a cryptominer. On July 29, the vulnerability was added to the CISA KEV.
Some sources report 20,000 service providers using ACI. I have not found any confirmation of this. Perhaps there is confusion with Acronis Cyber Protect. However, there are probably quite a few large companies using ACI. If you work for such a company, be sure to pay attention.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; I now post there first.