Summary
Acronis has released security updates to address a vulnerability with a severity of “critical” related to the Acronis Cyber Infrastructure (ACI) product. This vulnerability, if exploited, could allow a remote attacker to execute arbitrary code on the target system.
Risk
Vulnerability impact estimate on the target community: MEDIUM/YELLOW (62.30/100)1 .
Type
- Remote Code Execution
Affected products and versions
Acronis Cyber Infrastructure (ACI)
- 5.0.x, versions prior to 5.0.1-61
- 5.1.x, versions prior to 5.1.1-71
- 5.2.x, versions prior to 5.2.1-69
- 5.3.x, versions prior to 5.3.1-53
- 5.4.x, versions prior to 5.4.4-132
Mitigation actions
In line with vendor statements, it is recommended to update vulnerable products by following the guidance in the security bulletins listed in the References section.
Unique Vulnerability Identifiers
References
https://security-advisory.acronis.com/advisories/SEC-6452
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, prevalence of affected software/devices in the target community.
