CISA Known Exploited Vulnerability (KEV)
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
July 29, 2024
August 19, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.