Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Acronis warns thousands of customers to patch this security issue now

Padlock against circuit board/cybersecurity background.

Acronis is urging customers to apply a patch first issued nine months ago to help fix a flaw now actively being abused in the wild. 

The vulnerability is described as a “remote command execution due to use of default passwords” flaw and, as the name suggests, allows attackers to authenticate and run malicious code on vulnerable servers remotely.

The bug is tracked as CVE-2023-45249 and carries a severity score of 9.8 (critical) according to the NVD.

Multiple versions affected

The issue was found in Acronis Cyber Infrastructure (ACI), a software-defined infrastructure service designed to provide secure and efficient storage, compute, and networking resources. It integrates with Acronis Cyber Protection solutions, thus offering a comprehensive approach to data protection and disaster recovery. 

The platform supports diverse workloads and is optimized for performance, reliability, and ease of management. The company claims more than 20,000 service providers are using ACI, protecting more than 750,000 organizations in 150 countries.

The flaw was found on multiple versions of ACI, including builds older than 5.0.1-61 (patched in ACI 5.0 update 1.4), 5.1.1-71 (patched in ACI 5.1 update 1.2), 5.2.1-69 (patched in ACI 5.2 update 1.3), 5.3.1-53 (patched in ACI 5.3 update 1.3), and 5.4.4-132 (patched in ACI 5.4 update 4.2). In a security advisory, published last week, the company confirmed the bug being abused in the wild: 

"This update contains fixes for 1 critical severity security vulnerability and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," Acronis said.

"Keeping the software up to date is important to maintain the security of your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle."

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.