CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-25133

CVSS 9.1v3.1pub. 2023-04-24upd. 2024-11-21

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Cyberpower Powerpanel

    APP
    Cyberpower
    ≤ 4.8.6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-34025CRITICAL9.8PL ✓ten sam produkt

CyberPower PowerPanel Business — zakodowane dane uwierzytelniające

CVE-2024-33625CRITICAL9.8PL ✓ten sam produkt

CyberPower PowerPanel: zakodowany klucz JWT umożliwia ominięcie uwierzytelnienia

CVE-2024-32053CRITICAL9.8PL ✓ten sam produkt

CyberPower PowerPanel — zakodowane na stałe dane uwierzytelniające (hard-coded credentials)

CVE-2024-32047CRITICAL9.8PL ✓ten sam produkt

CyberPower PowerPanel — zakodowane na stałe dane uwierzytelniające w kodzie produkcyjnym

CVE-2024-32735CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w REST API CyberPower PowerPanel Enterprise