CVE-2023-45249
CVE-2023-45249
In short
Acronis Cyber Infrastructure allows attackers to execute commands remotely by using default passwords that were not changed during installation. This is critical because an attacker can gain full control of the system without needing to guess or crack passwords.
Technical detail
CWE-1393 involves use of hard-coded or default credentials in Acronis Cyber Infrastructure (ACI) across multiple versions, enabling unauthenticated remote command execution. An attacker with network access can leverage these default credentials to authenticate and execute arbitrary commands with system privileges. Affected versions include ACI 5.0.x, 5.1.x, 5.2.x, 5.3.x, and 5.4.x prior to specified patch levels.
Summary generated and translated by AI from the official description.
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Acronis · Acronis Cyber InfrastructureWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →