CVE-2023-45249
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/07/2024
Last modified:
22/10/2025
Description
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:* | 5.0.1-61 (excluding) | |
| cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:* | 5.1.1 (including) | 5.1.1-71 (excluding) |
| cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:* | 5.2.1 (including) | 5.2.1-69 (excluding) |
| cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:* | 5.3.1 (including) | 5.3.1-53 (excluding) |
| cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:* | 5.4.4 (including) | 5.4.4-132 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://security-advisory.acronis.com/advisories/SEC-6452
- https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
- https://security-advisory.acronis.com/advisories/SEC-6452
- https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45249