CVE-2024-32735
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CyberPower | CyberPower PowerPanel Enterprise | 0 < 2.8.3 | affected |
Weaknesses
ADP Enrichment
ADP Container
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
- https://www.tenable.com/security/research/tra-2024-14
- https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
References
- https://www.tenable.com/security/research/tra-2024-14
- https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.