Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-23279

Опубликовано: 13 апр. 2021
Источник: nvd
CVSS3: 8
CVSS3: 10
CVSS2: 6.4
EPSS Низкий

Описание

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*
Версия до 1.69 (исключая)
cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*:*:*:*:*:*:*:*
Версия до 1.69 (исключая)
cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*
Версия до 1.68 (исключая)

EPSS

Процентиль: 75%
0.00914
Низкий

8 High

CVSS3

10 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-h7cg-8375-67fx

github
больше 3 лет назад

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

EPSS

Процентиль: 75%
0.00914
Низкий

8 High

CVSS3

10 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20
CWE-20