Critical Security Flaw in Acronis Cyber Infrastructure Exploited
Cybersecurity firm Acronis has warned of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) product that it says is being exploited in the wild. Tracked as CVE-2023-45249 with a CVSS score of 9.8, the flaw allows remote code execution and stems from default passwords that were never changed after installation.
Affected are ACI versions prior to builds 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53 and 5.4.4-132. Acronis fixed the issue in releases published in late October 2023, including 5.4 update 4.2 and the corresponding updates for the earlier branches.
Although details of the attacks remain scarce, Acronis confirmed in an advisory updated last week that the vulnerability is being actively exploited, and urged users of affected versions to upgrade to the patched builds without delay.
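The fixed builds above are easy to misread when an inventory mixes several 5.x branches, so here is a small triage script that decides, per host, whether a recorded ACI build string is older than the fixed build of its own branch. This is an added example written for this page, not Acronis tooling; the fixed-build list comes from the advisory as reported here, while the comparison rule (numeric, field-by-field, within the same major.minor branch) and the decision to report branches the advisory does not list as "unknown" rather than guessing are assumptions of the example. The inventory it runs on is constructed sample data.

```python
import re
from typing import Dict, Tuple

# Fixed builds for CVE-2023-45249 as listed in the Acronis advisory reported on
# this page, keyed by the 5.x branch (major, minor) each one belongs to.
FIXED_BUILDS: Dict[Tuple[int, int], str] = {
    (5, 0): "5.0.1-61",
    (5, 1): "5.1.1-71",
    (5, 2): "5.2.1-69",
    (5, 3): "5.3.1-53",
    (5, 4): "5.4.4-132",
}

# Assumed build-string shape: MAJOR.MINOR.PATCH-BUILD, e.g. "5.4.4-132".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_build(version: str) -> Tuple[int, int, int, int]:
    """Parse an ACI build string into a tuple that compares numerically.

    Tuple comparison is what makes "5.4.4-99" correctly sort before
    "5.4.4-132"; a plain string comparison would get that wrong.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ACI build string: {version!r}")
    major, minor, patch, build = (int(x) for x in m.groups())
    return (major, minor, patch, build)


def assess(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one build string.

    Assumption (ours, not the advisory's): a build is compared against the
    fixed build of its own major.minor branch only. Branches the advisory
    does not list (e.g. 4.x or a hypothetical 5.5) yield 'unknown' so that
    the caller has to look them up instead of trusting a guess.
    """
    parsed = parse_build(version)
    fixed = FIXED_BUILDS.get(parsed[:2])
    if fixed is None:
        return "unknown"
    return "vulnerable" if parsed < parse_build(fixed) else "patched"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> assessment for a dict of host name -> build string."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts or real findings.
    sample = {
        "aci-node-01": "5.4.4-132",   # exactly the fixed build
        "aci-node-02": "5.4.3-90",    # older patch level on the same branch
        "aci-node-03": "5.2.1-69",    # fixed build of the 5.2 branch
        "aci-node-04": "5.1.0-12",    # older than 5.1.1-71
        "aci-node-05": "4.7.0-220",   # branch not covered by the advisory
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {sample[host]} -> {verdict}")
```

Feed `triage()` whatever your CMDB or configuration-management export produces; the only thing that matters is that the build string keeps the MAJOR.MINOR.PATCH-BUILD shape. Treat every "unknown" as work to do, not as a pass.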
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2023-45249 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch agencies to remediate the flaw by August 19, 2024. KEV entries are reserved for vulnerabilities with evidence of active exploitation, so the listing is a useful prioritization signal for private-sector organizations as well, even though the deadline binds only federal agencies.
In a statement issued after this report was first published, Acronis said the vulnerability had been identified and fixed nine months earlier, that customers on affected versions were notified at the time, given the patches and advised to upgrade, and that Acronis Cyber Protect Cloud, Acronis Cyber Protect and Acronis True Image are not affected.
Acronis also described how the exploitation came to light: while handling a customer support request about performance degradation, it found crypto-mining software on the affected system, and an internal investigation traced the miner back to exploitation of this vulnerability. For defenders, the lesson is that unexplained CPU load on an ACI node is worth treating as a hunting lead rather than a capacity problem.
For defenders mapping this activity to the MITRE ATT&CK Matrix, the exploitation of unchanged default passwords corresponds to Valid Accounts: Default Accounts (T1078.001) under Initial Access; ATT&CK also lists the same technique under Persistence, Privilege Escalation and Defense Evasion, which matches the concern that an attacker who logs in with a default account may already hold elevated privileges on the appliance. The crypto-miner found on the compromised system corresponds to Resource Hijacking (T1496) under Impact.
The episode is a reminder that keeping infrastructure software current and tracking vulnerability disclosures for the products in use is a baseline requirement rather than an optional measure: a default password that was never changed was enough to turn an unpatched ACI deployment into a crypto-mining host.