CVE-2023-45249

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45249
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security-advisory.acronis.com/advisories/SEC-6452 Vendor Advisory
https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ Press/Media Coverage
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
History

30 Jul 2024, 14:34

Type Values Removed Values Added
References () https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ - () https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ - Press/Media Coverage

29 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/ -

26 Jul 2024, 12:48

Type Values Removed Values Added
CPE cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
Summary
  • (es) Ejecución remota de comandos debido al uso de contraseñas predeterminadas. Los siguientes productos se ven afectados: Acronis Cyber Infrastructure (ACI) anterior a la compilación 5.0.1-61, Acronis Cyber Infrastructure (ACI) anterior a la compilación 5.1.1-71, Acronis Cyber Infrastructure (ACI) anterior a la compilación 5.2.1-69, Acronis Cyber Infraestructura (ACI) anterior a la compilación 5.3.1-53, Acronis Cyber Infrastructure (ACI) anterior a la compilación 5.4.4-132.
CWE CWE-287
References () https://security-advisory.acronis.com/advisories/SEC-6452 - () https://security-advisory.acronis.com/advisories/SEC-6452 - Vendor Advisory
First Time Acronis cyber Infrastructure
Acronis

24 Jul 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-24 14:15

Updated : 2024-07-30 14:34

NVD link : CVE-2023-45249

Mitre link : CVE-2023-45249

CVE.ORG link : CVE-2023-45249

JSON object : View

Products Affected

acronis

  • cyber_infrastructure
CWE
CWE-287

Improper Authentication

CWE-1393

Use of Default Password


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024