Search criteria
6 vulnerabilities found for PowerPanel Business Management by CyberPower
CVE-2023-25132 (GCVE-0-2023-25132)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI?
Summary
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:10.879424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:19.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-02"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25132",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:19.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25133 (GCVE-0-2023-25133)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:22
VLAI?
Summary
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity ?
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:22:25.498117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:22:44.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-03"
],
"discovery": "EXTERNAL"
},
"title": "Improper privilege management vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25133",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:22:44.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25131 (GCVE-0-2023-25131)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI?
Summary
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
Severity ?
9.4 (Critical)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:46.888522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:51.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the \u0027admin\u0027 password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-01"
],
"discovery": "EXTERNAL"
},
"title": "Use of default password vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25132 (GCVE-0-2023-25132)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI?
Summary
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:10.879424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:19.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-02"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25132",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:19.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25133 (GCVE-0-2023-25133)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:22
VLAI?
Summary
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity ?
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:22:25.498117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:22:44.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-03"
],
"discovery": "EXTERNAL"
},
"title": "Improper privilege management vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25133",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:22:44.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25131 (GCVE-0-2023-25131)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI?
Summary
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
Severity ?
9.4 (Critical)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:46.888522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:51.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the \u0027admin\u0027 password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-01"
],
"discovery": "EXTERNAL"
},
"title": "Use of default password vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}