Overview
Acronis has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2023-45249
- Acronis Cyber Infrastructure Build versions: ~ 5.0.1-61 (excluded)
- Acronis Cyber Infrastructure Build versions: 5.1.1 (inclusive) ~ 5.1.1-71 (excluded)
- Acronis Cyber Infrastructure Build versions: 5.2.1 (inclusive) ~ 5.2.1-69 (excluded)
- Acronis Cyber Infrastructure Build versions: 5.3.1 (inclusive) ~ 5.3.1-53 (excluded)
- Acronis Cyber Infrastructure Build versions: 5.4.4 (inclusive) ~ 5.4.4-132 (excluded)
Resolved Vulnerabilities
Remote command execution vulnerability due to default password usage (CVE-2023-45249)
Vulnerability Patches
Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2023-45249
- Acronis Cyber Infrastructure Build version: 5.0.1-61
- Acronis Cyber Infrastructure Build version: 5.1.1-71
- Acronis Cyber Infrastructure Build version: 5.2.1-69
- Acronis Cyber Infrastructure Build version: 5.3.1-53
- Acronis Cyber Infrastructure Build version: 5.4.4-132
Referenced Sites
[1] CVE-2023-45249 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-45249
[2] Remote command execution due to use of default passwords
https://security-advisory.acronis.com/advisories/SEC-6452
Article Link: Acronis Product Security Update Advisory (CVE-2023-45249) – ASEC