Acronis alerts of active exploit of a critical flaw in its Cyber Infrastructure (ACI) platform

Acronis is alerting customers of a critical security vulnerability within its Cyber Infrastructure (ACI) platform that has been actively exploited in attacks.

The Acronis Cyber Protect platform, which integrates remote endpoint management, backup, and virtualization capabilities, is used by over 20,000 service providers to safeguard the operations of more than 750,000 businesses across 150 countries.

 The flaw is tracked as CVE-2023-45249 (CVSS score 9.8), allows attackers to bypass authentication on vulnerable servers using default credentials, leading to remote code execution. Despite the flaw being patched nine months ago, this vulnerability continues to pose a significant threat due to its exploitation in the wild.

The following versions of Acronis Cyber Infrastructure are impacted by CVE-2023-45249:

• ACI before build 5.0.1-61 (patched in ACI 5.0 update 1.4)
• ACI before build 5.1.1-71 (patched in ACI 5.1 update 1.2)
• ACI before build 5.2.1-69 (patched in ACI 5.2 update 1.3)
• ACI before build 5.3.1-53 (patched in ACI 5.3 update 1.3)
• ACI before build 5.4.4-132 (patched in ACI 5.4 update 4.2)

Acronis has strongly advised administrators to update their installations to the latest builds immediately. This urgent patching is crucial to prevent unauthorized access and potential compromise of the systems.

To determine if your Acronis Cyber Protect installation is vulnerable, navigate to the Help -> About dialog box from the software's main window to find the build number. To apply the latest updates, follow these steps:

1. Log in to your Acronis account (create one and register your licenses if you haven't already).
2. Download the latest ACI build from the "Products" section.
3. Install the update on all vulnerable servers.