Cybersecurity firm Acronis is warning {that a} now-patched essential safety flaw impacting its Cyber Infrastructure (ACI) product has been exploited within the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS rating: 9.8), issues a case of distant code execution that stems from the usage of default passwords.
The flaw impacts the next variations of Acronis Cyber Infrastructure (ACI) –
- < construct 5.0.1-61
- < construct 5.1.1-71
- < construct 5.2.1-69
- < construct 5.3.1-53, and
- < construct 5.4.4-132
It has been addressed in variations 5.4 replace 4.2, 5.2 replace 1.3, 5.3 replace 1.3, 5.0 replace 1.4, and 5.1 replace 1.2 launched in late October 2023.
There are at the moment no particulars on how the vulnerability is being weaponized in real-world cyber assaults and the identification of the menace actors which may be exploiting it.
Nevertheless, the Swiss-headquartered firm acknowledged experiences of lively exploitation in an up to date advisory final week. “This vulnerability is understood to be exploited within the wild,” it mentioned.
Customers of affected variations of ACI are really useful to replace to the newest model to mitigate potential threats.
