9.8
CVE-2023-45249
- EPSS 93.34%
- Veröffentlicht 24.07.2024 14:15:04
- Zuletzt bearbeitet 22.10.2025 16:49:35
- Quelle security@acronis.com
- CVE-Watchlists
- Unerledigt
LoginRemote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acronis ≫ Cyber Infrastructure Version < 5.0.1-61
Acronis ≫ Cyber Infrastructure Version >= 5.1.1 < 5.1.1-71
Acronis ≫ Cyber Infrastructure Version >= 5.2.1 < 5.2.1-69
Acronis ≫ Cyber Infrastructure Version >= 5.3.1 < 5.3.1-53
Acronis ≫ Cyber Infrastructure Version >= 5.4.4 < 5.4.4-132
29.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
SchwachstelleAcronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.34% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@acronis.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1393 Use of Default Password
The product uses default passwords for potentially critical functionality.