HIGH✓ PATCH🇬🇧 English

CVE-2021-23279

CVSS 8.0v3.1pub. 2021-04-13upd. 2024-11-21

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
  • Eaton Intelligent Power Manager

    APP
    Eaton
    < 1.69
  • Eaton Intelligent Power Manager Virtual Appliance

    APP
    Eaton
    < 1.69
  • Eaton Intelligent Power Protector

    APP
    Eaton
    < 1.68
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-23281CRITICAL10.0ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vul...

CVE-2018-12031CRITICAL9.8ten sam produkt

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/n...

CVE-2026-22619HIGH7.8ten sam produkt

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could...

CVE-2021-23278HIGH8.7ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulne...

CVE-2021-23277HIGH8.3ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerabil...

CVE-2021-23279 — HIGH 8.0 | CVEbaza.pl