Tag Archives: ACI

Trending vulnerabilities of July according to Positive Technologies

Leave a reply

Trending vulnerabilities of July according to Positive Technologies.

The SecLab film crew went on vacation. Therefore, there was a choice: to skip the episode of “In the trend of VM” about the July vulnerabilities, or to make a video myself. Which is what I tried to do. And from the next episode we will return to SecLab again.

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:33 Spoofing – Windows MSHTML Platform (CVE-2024-38112)
🔻 02:23 RCE – Artifex Ghostscript (CVE-2024-29510)
🔻 03:55 RCE – Acronis Cyber Infrastructure (CVE-2023-45249)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

На русском

Remote Code Execution – Acronis Cyber Infrastructure (CVE-2023-45249)

Leave a reply

Remote Code Execution - Acronis Cyber Infrastructure (CVE-2023-45249)

Remote Code Execution – Acronis Cyber Infrastructure (CVE-2023-45249). Due to the default passwords used, a remote unauthenticated attacker can gain access to an Acronis Cyber ​​Infrastructure (ACI) server and execute arbitrary code.

ACI is a hyperconverged platform for storage, backup, computing, virtualization and networking.

🔻 Patches that fix this vulnerability were released on October 30, 2023 (❗️).
🔻 After 9-10 months, on July 24 of this year, Acronis noted in a bulletin that the vulnerability was exploited in the wild. The purpose of exploitation was to install a cryptominer. On July 29, the vulnerability was added to the CISA KEV.

Some sources report 20,000 service providers using ACI. I have not found any confirmation of this. Perhaps there is confusion with Acronis Cyber ​​Protect. However, there are probably quite a few large companies using ACI. If you work for such a company, be sure to pay attention.

На русском