Cybersecurity firm Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.
The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) –
- < build 5.0.1-61
- < build 5.1.1-71
- < build 5.2.1-69
- < build 5.3.1-53, and
- < build 5.4.4-132
It has been addressed in versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2 released in late October 2023.
There are currently no details on how the vulnerability is being weaponized in real-world cyber attacks or on the identity of the threat actors that may be exploiting it.
However, the Swiss-headquartered company acknowledged reports of active exploitation in an updated advisory last week. “This vulnerability is thought to be exploited in the wild,” it said.
Users of affected versions of ACI are recommended to update to the latest version to mitigate potential threats.
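To find nodes that still need the update, the affected-build list above can be turned into an inventory check. The following is an added example, not code from Acronis or from the original article. It assumes build strings are recorded in the `major.minor.patch-build` form used in the list, and the host names and sample builds are constructed.

```python
import re

# First non-affected build per release branch, from the affected-version list above.
FIXED_BUILDS = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def classify(build_text):
    """Return 'affected', 'fixed' or 'unknown' for one ACI build string."""
    m = BUILD_RE.match(build_text)
    if not m:
        return "unknown"  # incomplete or malformed string: check by hand
    build = tuple(int(p) for p in m.groups())
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None:
        return "unknown"  # branch is not covered by the list above
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map host -> status and list the hosts that are not confirmed fixed."""
    status = {host: classify(b) for host, b in inventory.items()}
    needs_action = sorted(h for h, s in status.items() if s != "fixed")
    return status, needs_action


# Constructed inventory: host names and builds are made up for illustration.
SAMPLE_INVENTORY = {
    "aci-node-01": "5.4.4-132",
    "aci-node-02": "5.4.4-131",
    "aci-node-03": "5.2.1-69",
    "aci-node-04": "5.0.0-985",
    "aci-node-05": "4.7.1-53",
    "aci-node-06": "5.3",
}

if __name__ == "__main__":
    status, needs_action = triage(SAMPLE_INVENTORY)
    for host in sorted(status):
        print(f"{host}  {SAMPLE_INVENTORY[host]:<12} {status[host]}")
    print("review or update:", ", ".join(needs_action))
```

Hosts reported as `unknown` are kept in the action list on purpose: a build that cannot be matched to a listed branch is not evidence that the node is patched.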