Assigner | icscert |
Reserved | 2024-04-29 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Problem types
Product status
Any version before 4.9.0
Credits
Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA.
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads