exploitDog

GHSA-p6w4-xgmf-8r7g

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

Ссылки

EPSS

Процентиль: 68%

0.00578

Низкий

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2021-23281

CVSS3: 10

nvd

почти 5 лет назад

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

BDU:2022-06201

CVSS3: 10

fstec

почти 5 лет назад

Уязвимость функции coverterCheckList класса meta_driver_srv.js программного обеспечения мониторинга и управления электропитанием Eaton Intelligent Power Manager (IPM), позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 68%

0.00578

Низкий

CVE ID

Дефекты

CWE-94