CVE-2023-3266

EPSS 0.08%
Veröffentlicht 14.08.2023 05:15:10
Zuletzt bearbeitet 21.11.2024 08:16:50
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cyberpower ≫ Powerpanel Server SwEditionenterprise Version < 2.6.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.25

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
trellixpsirt@trellix.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3266

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3266

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3266

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3266