Acronis Releases Critical Security Advisory - 20240729001 (#909)

* Acronis Releases Critical Security Advisory - 20240729001

* Update 20240729001

Restructure of information

---------

Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>

docs/advisories/20240729001-Acronis-Releases-Critical-Security-Advisory.md

@@ -0,0 +1,22 @@
+# Acronis Releases Critical Security Advisory - 20240729001
+
+## Overview
+
+Acronis has released a critical advisory related to a vulnerability found in their Acronis Cyber Infrastructure (ACI) product that could allow attackers to bypass authentication on vulnerable servers using default credentials.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
+| --- | --- | --- | --- | --- |
+| Acronis Cyber Infrastructure (ACI) | 5.0.1 before build -61 </br> 5.1.1 before build -71 </br> 5.2.1 before build -69 </br> 5.3.1 before build -53 </br> 5.4.4 before build -132 | [CVE-2023-45249](https://nvd.nist.gov/vuln/detail/CVE-2023-45249) | 9.8 | **Critical** |
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Acronis advisory: <https://security-advisory.acronis.com/advisories/SEC-6452>
+
+## Additional References
+
+- BleepingComputer article: <https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/>