{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-33615", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A specially crafted Zip file containing path traversal characters can be\n imported to the \nCyberPower PowerPanel \n\nserver, which allows file writing to the server outside\n the intended scope, and could allow an attacker to achieve remote code \nexecution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23", "cweId": "CWE-23" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "CyberPower", "product": { "product_data": [ { "product_name": "PowerPanel business", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", "version_value": "4.9.0" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01", "refsource": "MISC", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01" }, { "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads", "refsource": "MISC", "name": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "advisory": "ICSA-24-123-01", "discovery": "EXTERNAL" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n

CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.

\n

https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

\n\n
" } ], "value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads" } ], "credits": [ { "lang": "en", "value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] } }