CVE-2023-45249: CWE-1393 in Acronis Acronis Cyber Infrastructure
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132.
AI Analysis
Technical Summary
CVE-2023-45249 is a critical vulnerability identified in Acronis Cyber Infrastructure (ACI), a software platform widely used for data storage, backup, and disaster recovery. The root cause is the use of default passwords within the affected ACI versions prior to builds 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132. This weakness allows remote attackers to perform command execution without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability is classified under CWE-1393 (Use of Default Password). Exploitation could lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of data, and disruption of services. Although no active exploits have been reported, the high CVSS score of 9.8 reflects the severity and ease of exploitation. The vulnerability affects all deployments of the specified ACI versions exposed to untrusted networks, making it a critical concern for organizations relying on Acronis for their cyber infrastructure.
Potential Impact
For European organizations, the impact of CVE-2023-45249 is significant due to the widespread use of Acronis Cyber Infrastructure in enterprise backup and storage solutions. Successful exploitation can lead to complete system takeover, resulting in data breaches, loss of data integrity, and service outages. This can disrupt business continuity, cause regulatory compliance violations (e.g., GDPR), and damage organizational reputation. Critical sectors such as finance, healthcare, government, and telecommunications that depend on Acronis for data protection are particularly vulnerable. The ability to execute commands remotely without authentication increases the risk of ransomware deployment, espionage, or sabotage. Given the criticality of data infrastructure, the threat could cascade to affect supply chains and essential services across Europe.
Mitigation Recommendations
Organizations should immediately verify if they are running affected versions of Acronis Cyber Infrastructure and prioritize upgrading to the fixed build for their release branch (5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, or 5.4.4-132) or later. If immediate patching is not feasible, administrators must change all default passwords to strong, unique credentials and enforce strict password policies. Network segmentation should be applied to restrict access to ACI management interfaces, limiting exposure to trusted internal networks only. Implement multi-factor authentication (MFA) where possible for administrative access. Continuous monitoring and logging of ACI systems should be enhanced to detect unusual command execution or login attempts. Employ intrusion detection/prevention systems (IDS/IPS) to identify and block exploitation attempts. Regular security audits and vulnerability assessments should be conducted to ensure no residual default credentials remain. Finally, organizations should prepare incident response plans tailored to potential exploitation scenarios involving ACI.
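The version check in the first recommendation can be automated. The following is an added example, not Acronis tooling or code from the original page: it classifies build strings against the per-branch fixed builds listed above, and assumes the inventory (hypothetical host names, constructed build values) has already been collected by other means.

```python
import re

# Fixed builds per release branch, taken from the advisory text above.
FIXED_BUILDS = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_build(text):
    """Parse 'MAJOR.MINOR.PATCH-BUILD' into a tuple of four ints."""
    m = _BUILD_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized build string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(build_text):
    """Return 'affected', 'fixed', or 'unlisted' for one build string."""
    build = parse_build(build_text)
    fixed = FIXED_BUILDS.get(build[:2])
    if fixed is None:
        # Branch not named in the advisory: do not guess, flag for manual review.
        return "unlisted"
    # Numeric tuple comparison: 5.4.4-99 < 5.4.4-132 (a string compare gets this wrong).
    return "affected" if build < fixed else "fixed"


def audit(inventory):
    """Map each host to its status; unparseable values become 'unparseable'."""
    report = {}
    for host, build_text in inventory.items():
        try:
            report[host] = classify(build_text)
        except ValueError:
            report[host] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed inventory (hypothetical host names and build strings).
    sample = {"aci-01": "5.4.4-99", "aci-02": "5.2.1-69", "aci-03": "5.0.1-9",
              "aci-04": "4.7.0-53", "aci-05": "unknown"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "unparseable" need manual review, since the advisory only names the 5.0 through 5.4 branches.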
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Acronis
- Date Reserved: 2023-10-05T21:47:00.379Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 68f7d9ae247d717aace25dea
Added to database: 10/21/2025, 7:06:22 PM
Last enriched: 10/21/2025, 7:51:40 PM
Last updated: 10/29/2025, 11:40:36 PM