1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Acronis warns thousands of customers to patch this security issue

    From TechnologyDaily@1337:1/100 to All on Mon Jul 29 15:15:05 2024
    Acronis warns thousands of customers to patch this security issue now

    Date:
    Mon, 29 Jul 2024 15:08:25 +0000

    Description:
    A critical bug was found nine months ago but it's now being actively abused.

    FULL STORY ======================================================================

    Swiss cybersecurity experts Acronis are urging their customers to apply a patch that was issued nine months ago, since it fixes a flaw that is now actively being abused in the wild.

    The vulnerability is described as a remote command execution due to use of default passwords flaw and, as the name suggests, allows attackers to authenticate and run malicious code on vulnerable servers remotely.

    The bug is tracked as CVE-2023-45249 and carries a severity score of 9.8 (critical) according to the NVD . Multiple versions affected

    It was found in Acronis Cyber Infrastructure (ACI), a software-defined infrastructure solution designed to provide secure and efficient storage, compute, and networking resources. It integrates with Acronis Cyber
    Protection solutions, thus offering a comprehensive approach to data protection and disaster recovery.

    The platform supports diverse workloads and is optimized for performance, reliability, and ease of management. The company claims more than 20,000 service providers are using ACI, protecting more than 750,000 organizations
    in 150 countries.

    The flaw was found on multiple versions of ACI, including builds older than 5.0.1-61 (patched in ACI 5.0 update 1.4), 5.1.1-71 (patched in ACI 5.1 update 1.2), 5.2.1-69 (patched in ACI 5.2 update 1.3), 5.3.1-53 (patched in ACI 5.3 update 1.3), and 5.4.4-132 (patched in ACI 5.4 update 4.2). In a security advisory, published last week, the company confirmed the bug being abused in the wild:

    "This update contains fixes for 1 critical severity security vulnerability
    and should be installed immediately by all users. This vulnerability is known to be exploited in the wild," Acronis said.

    "Keeping the software up to date is important to maintain the security of
    your Acronis products. For guidelines on the availability of support and security updates, see Acronis products support lifecycle."

    Via BleepingComputer More from TechRadar Pro Acronis admits to mega data
    leak - but it might not be as bad as it seems Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/acronis-warns-thousands-of-customers-to -patch-this-security-issue-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)