Search
Find a vulnerability
Search criteria
6 vulnerabilities found for PowerPanel Business Local / Remote by CyberPower
CVE-2023-25133 (GCVE-0-2023-25133)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:22
VLAI
Title
Improper privilege management vulnerability in CyberPower PowerPanel Business
Summary
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:22:25.498117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:22:44.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-03"
],
"discovery": "EXTERNAL"
},
"title": "Improper privilege management vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25133",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:22:44.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25132 (GCVE-0-2023-25132)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI
Title
Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business
Summary
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:10.879424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:19.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-02"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25132",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:19.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25131 (GCVE-0-2023-25131)
Vulnerability from nvd – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI
Title
Use of default password vulnerability in CyberPower PowerPanel Business
Summary
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
Severity
9.4 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:46.888522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:51.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the \u0027admin\u0027 password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-01"
],
"discovery": "EXTERNAL"
},
"title": "Use of default password vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25131 (GCVE-0-2023-25131)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI
Title
Use of default password vulnerability in CyberPower PowerPanel Business
Summary
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
Severity
9.4 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1393 - Use of Default Password
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:46.888522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:51.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the \u0027admin\u0027 password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1393",
"description": "CWE-1393 Use of Default Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-01"
],
"discovery": "EXTERNAL"
},
"title": "Use of default password vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25132 (GCVE-0-2023-25132)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:25
VLAI
Title
Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business
Summary
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:25:10.879424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:25:19.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-02"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted upload of file with dangerous type vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25132",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:25:19.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25133 (GCVE-0-2023-25133)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 17:22
VLAI
Title
Improper privilege management vulnerability in CyberPower PowerPanel Business
Summary
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel Business Local / Remote |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
|
| CyberPower | PowerPanel Business Management |
Affected:
unspecified , ≤ v4.8.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://zuso.ai/Advisory/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:22:25.498117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T17:22:44.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Local / Remote",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows, MacOS, Linux"
],
"product": "PowerPanel Business Management",
"vendor": "CyberPower",
"versions": [
{
"lessThanOrEqual": "v4.8.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"shortName": "ZUSO ART"
},
"references": [
{
"url": "https://zuso.ai/Advisory/"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"
}
],
"source": {
"defect": [
"ZA-2023-03"
],
"discovery": "EXTERNAL"
},
"title": "Improper privilege management vulnerability in CyberPower PowerPanel Business",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
"assignerShortName": "ZUSO ART",
"cveId": "CVE-2023-25133",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T17:22:44.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}