CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AcronisCNA
9.8 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
acroniscyber_infrastructure
𝑥
< 5.0.1-61
acroniscyber_infrastructure
5.1.1-71 <
𝑥
< 5.1.1-71
acroniscyber_infrastructure
5.2.1-69 <
𝑥
< 5.2.1-69
acroniscyber_infrastructure
5.3.1-53 <
𝑥
< 5.3.1-53
acroniscyber_infrastructure
5.4.4-132 <
𝑥
< 5.4.4-132
acroniscyber_infrastructure
𝑥
< 5.0.1-61
acroniscyber_infrastructure
5.1.1 ≤
𝑥
< 5.1.1-71
acroniscyber_infrastructure
5.2.1 ≤
𝑥
< 5.2.1-69
acroniscyber_infrastructure
5.3.1 ≤
𝑥
< 5.3.1-53
acroniscyber_infrastructure
5.4.4 ≤
𝑥
< 5.4.4-132
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security-advisory.acronis.com/advisories/SEC-6452
https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
https://security-advisory.acronis.com/advisories/SEC-6452
https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/