CVE-2023-45249

CRITICAL CISA KEV
Published Jul 24, 2024 Modified Oct 22, 2025 CWE-1393

Description

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Jul 29, 2024 Remediation due: Aug 19, 2024

Weakness Type (CWE)

CWE-1393 CWE-1393

Affected Products

Vendor Product
acronis cyber_infrastructure
acronis cyber_infrastructure
acronis cyber_infrastructure
acronis cyber_infrastructure
acronis cyber_infrastructure

References

Frequently Asked Questions

What is CVE-2023-45249? +
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. It has a CVSS v3.1 base score of 9.8 (CRITICAL). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
How severe is CVE-2023-45249? +
CVE-2023-45249 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2023-45249? +
CVE-2023-45249 affects products from acronis, specifically: cyber_infrastructure. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-45249? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-26793

The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username …
CVE-2025-26701 10.0

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH …
CVE-2024-51555 10.0

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require …
CVE-2024-50588 9.8

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain …
CVE-2025-8077 9.8

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default …
CVE-2025-22938 9.8

Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-45249 — free, no signup required.

Start Free Scan