9.8
CVE-2023-45249
- EPSS 93.24%
- Published 24.07.2024 14:15:04
- Last modified 27.01.2025 21:36:02
- Source security@acronis.com
- Teams watchlist Login
- Open Login
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
Data is provided by the National Vulnerability Database (NVD)
Acronis ≫ Cyber Infrastructure Version < 5.0.1-61
Acronis ≫ Cyber Infrastructure Version >= 5.1.1 < 5.1.1-71
Acronis ≫ Cyber Infrastructure Version >= 5.2.1 < 5.2.1-69
Acronis ≫ Cyber Infrastructure Version >= 5.3.1 < 5.3.1-53
Acronis ≫ Cyber Infrastructure Version >= 5.4.4 < 5.4.4-132
29.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
VulnerabilityAcronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.24% | 0.998 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@acronis.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1393 Use of Default Password
The product uses default passwords for potentially critical functionality.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.