← volver
CVE-2024-32735

CyberPower PowerPanel Enterprise Missing Authentication

CVSS 9.8 CRITICALEPSS 6.8%CWE-306
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
CyberPower · CyberPower PowerPanel Enterprise

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNotehttps://www.tenable.com/security/research/tra-2024-14