Описание
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.
Уязвимость функции coverterCheckList класса meta_driver_srv.js программного обеспечения мониторинга и управления электропитанием Eaton Intelligent Power Manager (IPM), позволяющая нарушителю выполнить произвольный код
EPSS
10 Critical
CVSS3
7.5 High
CVSS2