A company named Acronis warned that a now-patched critical security flaw impacting its ACI product has been exploited wildly. This vulnerability is tracked as CVE-2023-45249, classified as essential, with a CVSS score of 9.8. It specifically targets the Acronis Cyber Infrastructure (ACI) system and allows remote attackers to execute malicious code by exploiting default passwords.
Attackers can get complete control over the compromised ACI system by successfully exploiting CVE-2023-45249. At this point, attackers can steal sensitive data, deploy ransomware and disrupt critical operations. The risk beyond data breaches includes significant operational disruptions and potential financial losses.
The identity of threat actors and how the vulnerability is weaponized in real-world cyber stacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2023- 45249 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the flaw by August 19, 2024.
In response to this vulnerability, Acronis has released patches for multiple versions of ACI. The organizations should implement some security measures to protect their ACI systems by changing Default Passwords, Network Segmentations, Increased monitoring and Incident Response Timing.
The exploitation of CVE-2023-45249 is an ever-present threat caused by cyberattacks. Organizations must remain alert and active in their security efforts. Organizations can eliminate the risk of falling victim to a devasting cyberattack by acting on this critical issue.
