Acronis Product Security Update Advisory (CVE-2023-45249)

Overview

 

Acronis has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2023-45249

  • Acronis Cyber Infrastructure Build versions: ~ 5.0.1-61 (excluded)
  • Acronis Cyber Infrastructure Build versions: 5.1.1 (inclusive) ~ 5.1.1-71 (excluded)
  • Acronis Cyber Infrastructure Build versions: 5.2.1 (inclusive) ~ 5.2.1-69 (excluded)
  • Acronis Cyber Infrastructure Build versions: 5.3.1 (inclusive) ~ 5.3.1-53 (excluded)
  • Acronis Cyber Infrastructure Build versions: 5.4.4 (inclusive) ~ 5.4.4-132 (excluded)

 

 

Resolved Vulnerabilities

 

Remote command execution vulnerability due to default password usage (CVE-2023-45249)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2023-45249

  • Acronis Cyber Infrastructure Build version: 5.0.1-61
  • Acronis Cyber Infrastructure Build version: 5.1.1-71
  • Acronis Cyber Infrastructure Build version: 5.2.1-69
  • Acronis Cyber Infrastructure Build version: 5.3.1-53
  • Acronis Cyber Infrastructure Build version: 5.4.4-132

 

 

Referenced Sites

[1] CVE-2023-45249 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-45249

[2] Remote command execution due to use of default passwords

https://security-advisory.acronis.com/advisories/SEC-6452

Article Link: Acronis Product Security Update Advisory (CVE-2023-45249) – ASEC