Cybersecurity company Acronis is warning that a patched critical security flaw affecting its Cyber Infrastructure (ACI) product has been exploited in the wild.
Vulnerability, tracked as CVE-2023-45249 (CVSS Score: 9.8), concerns a case of remote code execution resulting from the use of default passwords.
A shortcoming impact following versions of Acronis Cyber Infrastructure (ACI) –
- < build 5.0.1-61
- < build 5.1.1-71
- < build 5.2.1-69
- < build 5.3.1-53, and
- < build 5.4.4-132
This was addressed in versions 5.4, Update 4.2, 5.2, Update 1.3, 5.3, Update 1.3, 5.0, Update 1.4, and 5.1, Update 1.2, released in late October 2023.
There are currently no details on how the vulnerability is used in actual cyberattacks or the identity of the threat actors who might exploit it.
However, the Swiss-headquartered company acknowledged reports of active exploitation in an updated advisory last week. “This vulnerability is known to be exploited in the wild,” the report said said.
Users of affected versions of ACI are advised to upgrade to the latest version to mitigate potential threats.
