CVE-2022-45453
📋 TL;DR
This vulnerability allows attackers to perform man-in-the-middle attacks by exploiting weak TLS/SSL cipher suites in Acronis Cyber Protect 15. Affected systems include Windows and Linux versions before build 30984, potentially exposing sensitive data in transit.
💻 Affected Systems
- Acronis Cyber Protect 15
⚠️ Risk & Real-World Impact
Worst Case
Complete interception and decryption of all encrypted communications between Acronis Cyber Protect components, leading to data theft, credential compromise, and potential lateral movement.
Likely Case
Partial decryption of sensitive administrative or backup data during man-in-the-middle attacks, potentially exposing credentials or confidential information.
If Mitigated
Limited impact with proper network segmentation and monitoring, though weak ciphers still present a theoretical risk.
🎯 Exploit Status
Exploitation requires a man-in-the-middle position, but it relies on well-known cryptographic attacks against weak ciphers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Build 30984 or later
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-5112
Restart Required: Yes
Instructions:
1. Update Acronis Cyber Protect 15 to build 30984 or later.
2. Restart all Acronis services.
3. Verify the cipher suite configuration post-update.
🔧 Temporary Workarounds
Disable Weak Cipher Suites
Platform: all
Manually disable weak TLS/SSL cipher suites in the Acronis configuration
# Configuration varies by platform - consult Acronis documentation for cipher suite configuration
Network Segmentation
Platform: all
Isolate Acronis traffic to trusted network segments
# Use firewall rules to restrict Acronis traffic to specific subnets
🧯 If You Can't Patch
- Implement strict network segmentation to limit attack surface
- Deploy network monitoring for SSL/TLS downgrade attacks and unusual traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check the Acronis Cyber Protect version via the management console or the command 'acronis_cyber_protect --version' and verify whether it is below build 30984.
Check Version:
acronis_cyber_protect --version
Verify Fix Applied:
Verify the version is build 30984 or later, then test SSL/TLS connections with tools such as nmap or openssl to confirm weak ciphers are disabled.
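A scripted version of the post-patch check, added here as an example and not part of the advisory or of Acronis's tooling. It offers the server one weak cipher suite at a time (the RC4, DES, EXPORT, NULL and anonymous families the detection section lists) and reports whether the handshake succeeds. The host name and port are placeholders; run it against your own Acronis management host. A suite the local OpenSSL build cannot even offer is reported as untestable rather than as safe, so the verdict is only "OK" when every probe was actually refused by the server.

```python
import socket
import ssl

# Weak suites (OpenSSL names) from the families this advisory's detection
# section lists. The value is the IANA name a SIEM would log for each.
WEAK_CIPHER_PROBES = {
    "RC4-MD5": "TLS_RSA_WITH_RC4_128_MD5",
    "RC4-SHA": "TLS_RSA_WITH_RC4_128_SHA",
    "DES-CBC-SHA": "TLS_RSA_WITH_DES_CBC_SHA",
    "EXP-RC4-MD5": "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "NULL-SHA": "TLS_RSA_WITH_NULL_SHA",
    "ADH-AES128-SHA": "TLS_DH_anon_WITH_AES_128_CBC_SHA",
}


def build_context(cipher):
    """Client context that offers exactly one cipher suite.

    Raises ssl.SSLError when the local OpenSSL build cannot offer the suite at
    all (common for RC4/DES on current builds); that makes the probe
    inconclusive, not evidence that the server is safe.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we are probing ciphers, not the cert chain
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # legacy suites do not exist in TLS 1.3
    # @SECLEVEL=0 lets OpenSSL offer suites it would normally refuse to use.
    ctx.set_ciphers(cipher + ":@SECLEVEL=0")
    return ctx


def probe_cipher(host, port, cipher, timeout=5.0):
    """Return 'accepted', 'rejected', 'untestable' or 'unreachable' for one suite."""
    try:
        ctx = build_context(cipher)
    except ssl.SSLError:
        return "untestable"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "accepted"  # handshake completed: server agreed to the weak suite
    except ssl.SSLError:
        return "rejected"  # handshake refused: the suite is disabled on the server
    except OSError:
        return "unreachable"  # TCP-level failure, not a TLS answer


def assess(results):
    """Turn per-suite results into (verdict, accepted_suites)."""
    accepted = sorted(c for c, status in results.items() if status == "accepted")
    statuses = set(results.values())
    if accepted:
        return "VULNERABLE", accepted
    if not results or "untestable" in statuses:
        return "INCONCLUSIVE", accepted  # some suites could not even be offered
    if statuses == {"unreachable"}:
        return "UNREACHABLE", accepted
    return "OK", accepted


def scan(host, port):
    results = {c: probe_cipher(host, port, c) for c in WEAK_CIPHER_PROBES}
    return assess(results), results


if __name__ == "__main__":
    import sys

    # Placeholder target; the port is an assumption, use your deployment's TLS port.
    host = sys.argv[1] if len(sys.argv) > 1 else "acronis-mgmt.example.internal"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    (verdict, accepted), results = scan(host, port)
    for cipher, status in results.items():
        print(f"{WEAK_CIPHER_PROBES[cipher]:<40} {status}")
    print("verdict:", verdict, accepted)
```

Run it once before and once after applying build 30984; the pre-patch run tells you which probes your local OpenSSL can actually exercise, so an "OK" after the patch is not mistaken for a build that simply lacks RC4 and DES support.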
📡 Detection & Monitoring
Log Indicators:
- SSL/TLS handshake failures
- Unusual cipher suite negotiations
- Connection resets during SSL/TLS setup
Network Indicators:
- SSL/TLS downgrade attempts
- Use of weak cipher suites (RC4, DES, EXPORT, NULL, anon)
- Unusual man-in-the-middle patterns
SIEM Query:
ssl.cipher_suite IN ("TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_DES_CBC_SHA") AND dest_ip IN (acronis_servers)
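An offline version of this hunt over a key=value handshake log, added here as an example rather than a query from the advisory. The log lines, the `ACRONIS_SERVERS` inventory and the field names are constructed to mirror the SIEM query above. It shows the difference between the literal query (three named suites) and a pattern over the families listed under Network Indicators: the EXPORT and anonymous-DH negotiations in the sample are caught only by the pattern.

```python
import re
from collections import Counter

# Constructed sample: one key=value line per completed TLS handshake.
SAMPLE_LOG = """\
ts=2023-01-10T08:00:01Z src_ip=10.0.5.21 dest_ip=10.0.1.10 ssl.cipher_suite=TLS_RSA_WITH_RC4_128_SHA
ts=2023-01-10T08:00:02Z src_ip=10.0.5.22 dest_ip=10.0.1.10 ssl.cipher_suite=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ts=2023-01-10T08:00:03Z src_ip=10.0.5.23 dest_ip=10.0.9.9 ssl.cipher_suite=TLS_RSA_WITH_DES_CBC_SHA
ts=2023-01-10T08:00:04Z src_ip=10.0.5.24 dest_ip=10.0.1.11 ssl.cipher_suite=TLS_DH_anon_WITH_AES_128_CBC_SHA
ts=2023-01-10T08:00:05Z src_ip=10.0.5.25 dest_ip=10.0.1.10 ssl.cipher_suite=TLS_RSA_WITH_3DES_EDE_CBC_SHA
ts=2023-01-10T08:00:06Z src_ip=10.0.5.26 dest_ip=10.0.1.11 ssl.cipher_suite=TLS_RSA_EXPORT_WITH_RC4_40_MD5
"""

# Hypothetical inventory standing in for the advisory's `acronis_servers` lookup.
ACRONIS_SERVERS = {"10.0.1.10", "10.0.1.11"}

# The three suites named literally in the advisory's SIEM query.
QUERY_SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_DES_CBC_SHA",
}

# Families from the Network Indicators list. `_DES_` is written so that single
# DES matches but 3DES (…_3DES_EDE_…) does not, as the list is given.
WEAK_SUITE_PATTERN = re.compile(r"RC4|_DES_|EXPORT|NULL|anon", re.IGNORECASE)


def parse_kv(line):
    """Parse 'k=v k2=v2' into a dict; keys may contain dots (ssl.cipher_suite)."""
    return dict(m.groups() for m in re.finditer(r"(\S+?)=(\S+)", line))


def is_weak_suite(suite):
    return bool(WEAK_SUITE_PATTERN.search(suite))


def find_weak_negotiations(log_text, acronis_servers, exact_suites=None):
    """Events to Acronis servers that negotiated a weak suite.

    With exact_suites this behaves like the advisory's literal query (set
    membership); without it the family pattern is used, so EXPORT, NULL and
    anonymous suites are caught as well.
    """
    hits = []
    for line in log_text.splitlines():
        ev = parse_kv(line)
        suite = ev.get("ssl.cipher_suite")
        if not suite or ev.get("dest_ip") not in acronis_servers:
            continue
        weak = suite in exact_suites if exact_suites is not None else is_weak_suite(suite)
        if weak:
            hits.append(ev)
    return hits


def count_by_server(hits):
    """Per-destination counts, the usual pivot for triage."""
    return Counter(ev["dest_ip"] for ev in hits)


if __name__ == "__main__":
    for label, exact in (("literal query", QUERY_SUITES), ("family pattern", None)):
        hits = find_weak_negotiations(SAMPLE_LOG, ACRONIS_SERVERS, exact)
        print(f"{label}: {len(hits)} hit(s), by server {dict(count_by_server(hits))}")
        for ev in hits:
            print(f"  {ev['ts']} {ev['src_ip']} -> {ev['dest_ip']} {ev['ssl.cipher_suite']}")
```

The handshake to 10.0.9.9 with single DES is deliberately left out by both modes because that host is not in the inventory, which is the same scoping the `dest_ip IN (acronis_servers)` clause applies; widen the inventory rather than the pattern if other hosts carry Acronis traffic.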