Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-23278

Опубликовано: 13 апр. 2021
Источник: nvd
CVSS3: 8.7
CVSS3: 9.6
CVSS2: 5.5
EPSS Низкий

Описание

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*
Версия до 1.69 (исключая)
cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*:*:*:*:*:*:*:*
Версия до 1.69 (исключая)
cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*
Версия до 1.68 (исключая)

EPSS

Процентиль: 28%
0.00099
Низкий

8.7 High

CVSS3

9.6 Critical

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-9wgr-5887-h4gv

github
больше 3 лет назад

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

EPSS

Процентиль: 28%
0.00099
Низкий

8.7 High

CVSS3

9.6 Critical

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20
NVD-CWE-noinfo