Acronis recently warned about attackers exploiting a critical vulnerability, CVE-2023-45249, with a CVSS score of 9.8, in Acronis Cyber Infrastructure (ACI).
This vulnerability allows remote code execution due to default passwords and affects versions before specific builds of ACI. Acronis has released patches for this bug in last year’s updates across various versions. The company stressed the importance of applying these patches promptly, noting the vulnerability is actively exploited in the wild.
ACI, previously known as Acronis Storage and Acronis Software-Defined Infrastructure, is vital for businesses and service providers, offering a hyper-converged storage, computing, and virtualization platform.
CISA added CVE-2023-45249 to the list of known exploited vulnerabilities. Acronis identified the vulnerability nine months ago, and a security patch was released immediately. Customers running the older version of Acronis Cyber Infrastructure impacted by the vulnerability were promptly informed, provided a patch and recommended upgrading to the new version.
Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image customers were not affected by the vulnerability.
Read more – Acronis Product Vulnerability Exploited in the Wild
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.