Acronis is urging customers to apply a patch first issued nine months ago to help fix a flaw now actively being abused in the wild.
The vulnerability is described as a “remote command execution due to use of default passwords” flaw and, as the name suggests, allows attackers to authenticate and run malicious code on vulnerable servers remotely.
The bug is tracked as CVE-2023-45249 and carries a severity score of 9.8 (critical) according to the NVD.
Multiple versions affected
The issue was found in Acronis Cyber Infrastructure (ACI), a software-defined infrastructure service designed to provide secure and efficient storage, compute, and networking resources. It integrates with Acronis Cyber Protection solutions, thus offering a comprehensive approach to data protection and disaster recovery.
The platform supports diverse workloads and is optimized for performance, reliability, and ease of management. The company claims more than 20,000 service providers are using ACI, protecting more than 750,000 organizations in 150 countries.
The flaw was found on multiple versions of ACI, including builds older than 5.0.1-61 (patched in ACI 5.0 update 1.4), 5.1.1-71 (patched in ACI 5.1 update 1.2), 5.2.1-69 (patched in ACI 5.2 update 1.3), 5.3.1-53 (patched in ACI 5.3 update 1.3), and 5.4.4-132 (patched in ACI 5.4 update 4.2). In a security advisory, published last week, the company confirmed the bug being abused in the wild:
"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," Acronis said.
"Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle."
A further statement sent to TechRadar Pro added, "CISA added CVE-2023-45249 to the list of known exploited vulnerabilities. Acronis identified the vulnerability nine months ago, and a security patch was released immediately. Customers running the older version of Acronis Cyber Infrastructure impacted by the vulnerability were promptly informed, provided a patch and recommended upgrading to the new version.
Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image customers were not affected by the vulnerability."
Via BleepingComputer
More from TechRadar Pro
- Acronis admits to mega data leak - but it might not be as bad as it seems
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
