CVE-2023-45249

CRITICAL KEV NUCLEI

Acronis Cyber Infrastructure <5.0.1-61, <5.1.1-71, <5.2.1-69, <5.3....

Title source: llm

Exploitation Summary

CVE-2023-45249 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 29, 2024. EIP tracks 1 public exploit, including a Metasploit module exploits/linux/http/acronis_cyber_infra_cve_2023_45249. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a default password vulnerability in Acronis Cyber Infrastructure to gain administrative access via PostgreSQL manipulation and SSH key injection. It leverages default credentials to add an admin user and establish an SSH session.

Description

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb

View Code ZIP pw:eip

This Metasploit module exploits a default password vulnerability in Acronis Cyber Infrastructure to gain administrative access via PostgreSQL manipulation and SSH key injection. It leverages default credentials to add an admin user and establish an SSH session.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Acronis Cyber Infrastructure (versions 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132)

Auth required

Prerequisites: PostgreSQL and SSH services exposed to the attacker · Default credentials (vstoradmin:vstoradmin) unchanged

MITRE ATT&CK

T1021.004 - SSH T1078 - Valid Accounts T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Acronis Cyber Infrastructure - Default Password

CRITICALVERIFIEDby darses

References (3)

Core 3

Core References

Press/Media Coverage

https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45249

Vendor Advisory vendor-advisory

https://security-advisory.acronis.com/advisories/SEC-6452

Scores

CVSS v3 9.8

EPSS 0.5353

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-07-29

VulnCheck KEV 2024-07-24

InTheWild.io 2024-07-29

ENISA EUVD EUVD-2023-49555

CWE

CWE-1393

Status published

Products (1)

acronis/cyber_infrastructure < 5.0.1-61

Published Jul 24, 2024

KEV Added Jul 29, 2024

Tracked Since Feb 18, 2026