CVE-2023-3266 in PowerPanel Enterpriseinformazioni

Riassunto

di MITRE • 14/08/2023

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsabile

Trellix

Prenotare

15/06/2023

Divulgazione

14/08/2023

Moderazione

accettato

CPE

pronto

EPSS

0.00820

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!