9.8
CVE-2023-45249
- EPSS 93.24%
- Veröffentlicht 24.07.2024 14:15:04
- Zuletzt bearbeitet 27.01.2025 21:36:02
- Quelle security@acronis.com
- Teams Watchlist Login
- Unerledigt Login
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Acronis ≫ Cyber Infrastructure Version < 5.0.1-61
Acronis ≫ Cyber Infrastructure Version >= 5.1.1 < 5.1.1-71
Acronis ≫ Cyber Infrastructure Version >= 5.2.1 < 5.2.1-69
Acronis ≫ Cyber Infrastructure Version >= 5.3.1 < 5.3.1-53
Acronis ≫ Cyber Infrastructure Version >= 5.4.4 < 5.4.4-132
29.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
SchwachstelleAcronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.24% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@acronis.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1393 Use of Default Password
The product uses default passwords for potentially critical functionality.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.