CVE-2024-32735

CyberPower PowerPanel Enterprise Missing Authentication

CVSS 9.8 CRITICALEPSS 6.8%CWE-306

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

CyberPower · CyberPower PowerPanel Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote https://www.tenable.com/security/research/tra-2024-14