cvelist/2024/32xxx/CVE-2024-32053.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-32053",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Hard-coded credentials are used by the\u00a0\nCyberPower PowerPanel \n\n platform to authenticate to the \ndatabase, other services, and the cloud. This could result in an \nattacker gaining access to services with the privileges of a Powerpanel \nbusiness application."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-798",
                        "cweId": "CWE-798"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "CyberPower",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "PowerPanel business",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "4.9.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
            },
            {
                "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads",
                "refsource": "MISC",
                "name": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "ICSA-24-123-01",
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "\n<p>CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\">https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads</a><br></p>\n\n<br>"
                }
            ],
            "value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}