Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,223
- Points
- 113
Federal agencies in the United States received a strict deadline to fix the problem.
Acronis reported a critical vulnerability in the Acronis Cyber Infrastructure (ACI) product, which, although already fixed, still managed to become the subject of active hacker exploitation.
The vulnerability, identified as CVE-2023-45249 and rated at 9.8 on the CVSS scale, allows remote code execution and is associated with the use of standard passwords.
The problem affected the following versions of ACI:
The vulnerability was fixed in updates 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4 and 5.1 update 1.2, released at the end of October 2023.
At the moment, there is no exact data on exactly how the vulnerability is used in real attacks, as well as who exactly is behind it. However, Acronis has confirmed the existence of active exploitation cases, and therefore users of affected versions of ACI are advised to update the product to the latest version as soon as possible to avoid possible threats.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2023-45249 to its catalog of Known Exploited vulnerabilities (KEV) and required Federal agencies of the U.S. Civil Enforcement Agency (FCEB) to address this flaw in their systems by August 19, 2024.
Source
Acronis reported a critical vulnerability in the Acronis Cyber Infrastructure (ACI) product, which, although already fixed, still managed to become the subject of active hacker exploitation.
The vulnerability, identified as CVE-2023-45249 and rated at 9.8 on the CVSS scale, allows remote code execution and is associated with the use of standard passwords.
The problem affected the following versions of ACI:
- versions prior to 5.0.1-61;
- versions prior to 5.1.1-71;
- versions up to 5.2.1-69;
- versions prior to 5.3.1-53;
- versions prior to 5.4.4-132.
The vulnerability was fixed in updates 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4 and 5.1 update 1.2, released at the end of October 2023.
At the moment, there is no exact data on exactly how the vulnerability is used in real attacks, as well as who exactly is behind it. However, Acronis has confirmed the existence of active exploitation cases, and therefore users of affected versions of ACI are advised to update the product to the latest version as soon as possible to avoid possible threats.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2023-45249 to its catalog of Known Exploited vulnerabilities (KEV) and required Federal agencies of the U.S. Civil Enforcement Agency (FCEB) to address this flaw in their systems by August 19, 2024.
Source
