Cybersecurity firm Acronis is warning {that a} now-patched essential safety flaw impacting its Cyber Infrastructure (ACI) product has been exploited within the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS rating: 9.8), issues a case of distant code execution that stems from using default passwords.
The flaw impacts the next variations of Acronis Cyber Infrastructure (ACI) –
- < construct 5.0.1-61
- < construct 5.1.1-71
- < construct 5.2.1-69
- < construct 5.3.1-53, and
- < construct 5.4.4-132
It has been addressed in variations 5.4 replace 4.2, 5.2 replace 1.3, 5.3 replace 1.3, 5.0 replace 1.4, and 5.1 replace 1.2 launched in late October 2023.
There are at the moment no particulars on how the vulnerability is being weaponized in real-world cyber assaults and the id of the risk actors that could be exploiting it.
Nonetheless, the Swiss-headquartered firm acknowledged experiences of lively exploitation in an up to date advisory final week. “This vulnerability is thought to be exploited within the wild,” it mentioned.
Customers of affected variations of ACI are beneficial to replace to the newest model to mitigate potential threats.