← voltar
CVE-2024-32735

CyberPower PowerPanel Enterprise Missing Authentication

CVSS 9.8 CRITICALEPSS 6.8%CWE-306
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
CyberPower · CyberPower PowerPanel Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNotehttps://www.tenable.com/security/research/tra-2024-14