CVE-2021-23278
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Summary
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eaton | Intelligent Power manager (IPM) | unspecified < 1.69 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
To prevent the exploitation of the issues and safeguard the software from malicious entities, Eaton recommends blocking ports 4679 & 4680 at the enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.