Lucene search

[email protected]NVD:CVE-2024-33615

HistoryMay 15, 2024 - 8:15 p.m.

CVE-2024-33615

2024-05-1520:15:12

CWE-23

[email protected]

web.nvd.nist.gov

cve-2024-33615

cyberpower powerpanel

zip file

path traversal

remote code execution

file writing

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A specially crafted Zip file containing path traversal characters can be
imported to the
CyberPower PowerPanel

server, which allows file writing to the server outside
the intended scope, and could allow an attacker to achieve remote code
execution.

References

www.cisa.gov/news-events/ics-advisories/icsa-24-123-01

www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-33615

cvelist1 vulnrichment1 cve1 ics1