← back
CVE-2024-33615

CyberPower PowerPanel business Relative Path Traversal

CVSS 8.8 HIGHEPSS 0.7%CWE-23
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
CyberPower · PowerPanel business

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads