nvd-json-data-feeds/CVE-2024/CVE-2024-336xx/CVE-2024-33615.json

{
  "id": "CVE-2024-33615",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2024-05-15T20:15:12.687",
  "lastModified": "2024-05-15T20:15:12.687",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted Zip file containing path traversal characters can be\n imported to the \nCyberPower PowerPanel \n\nserver, which allows file writing to the server outside\n the intended scope, and could allow an attacker to achieve remote code \nexecution."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01",
      "source": "ics-cert@hq.dhs.gov"
    },
    {
      "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads",
      "source": "ics-cert@hq.dhs.gov"
    }
  ]
}
Auto-Update: 2024-05-15T22:00:37.827761+00:00 2024-05-15 22:03:30 +00:00			`{`
			`"id": "CVE-2024-33615",`
			`"sourceIdentifier": "ics-cert@hq.dhs.gov",`
			`"published": "2024-05-15T20:15:12.687",`
			`"lastModified": "2024-05-15T20:15:12.687",`
			`"vulnStatus": "Received",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A specially crafted Zip file containing path traversal characters can be\n imported to the \nCyberPower PowerPanel \n\nserver, which allows file writing to the server outside\n the intended scope, and could allow an attacker to achieve remote code \nexecution."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "ics-cert@hq.dhs.gov",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "ics-cert@hq.dhs.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-23"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01",`
			`"source": "ics-cert@hq.dhs.gov"`
			`},`
			`{`
			`"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads",`
			`"source": "ics-cert@hq.dhs.gov"`
			`}`
			`]`
			`}`