// For flags

CVE-2021-23279

Arbitrary File delete

Severity Score

10.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Eaton Intelligent Power Manager (IPM) versiones anteriores a 1.69, es susceptible a una vulnerabilidad de eliminación de archivos arbitrarios no autenticados inducida debido a una comprobación inapropiada de entrada en la clase meta_driver_srv.js con la acción saveDriverData utilizando un driverID no válido. Un atacante puede enviar paquetes especialmente diseñados para eliminar los archivos del sistema donde está instalado el software IPM

*Credits: Amir Preminger from Claroty research
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-08 CVE Reserved
  • 2021-04-13 CVE Published
  • 2023-12-28 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eaton
Search vendor "Eaton"
Intelligent Power Manager
Search vendor "Eaton" for product "Intelligent Power Manager"
< 1.69
Search vendor "Eaton" for product "Intelligent Power Manager" and version " < 1.69"
-
Affected
Eaton
Search vendor "Eaton"
Intelligent Power Manager Virtual Appliance
Search vendor "Eaton" for product "Intelligent Power Manager Virtual Appliance"
< 1.69
Search vendor "Eaton" for product "Intelligent Power Manager Virtual Appliance" and version " < 1.69"
-
Affected
Eaton
Search vendor "Eaton"
Intelligent Power Protector
Search vendor "Eaton" for product "Intelligent Power Protector"
< 1.68
Search vendor "Eaton" for product "Intelligent Power Protector" and version " < 1.68"
-
Affected