Organizations have been warned by Acronis regarding ongoing intrusions leveraging an already patched critical security issue to stealthily infiltrate its unified multi-tenant endpoint management, virtualization, and backup platform Acronis Cyber Protect with default credentials, according to BleepingComputer.
Threat actors exploiting the flaw, tracked as CVE-2023-45249, could facilitate remote code execution without any authentication or user interaction in Acronis Cyber Protect instances before builds 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132, noted Acronis in an alert last week, which called for the immediate implementation of updates that were issued nine months ago. Moreover, vulnerable instances could be verified by looking for their implementations' build number via the "About" dialog box within the main window's "Help" section.
Acronis offered the following statement: “The CISA added CVE-2023-45249 to the list of known exploited vulnerabilities. Acronis identified the vulnerability nine months ago, and a security patch was released immediately. Customers running the older version of Acronis Cyber Infrastructure impacted by the vulnerability were promptly informed, provided a patch and recommended upgrading to the new version. Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image customers were not affected by the vulnerability.”
