CVE-2024-32047
CyberPower PowerPanel business Active Debug Code
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Hard-coded credentials for the
CyberPower PowerPanel test server can be found in the
production code. This might result in an attacker gaining access to the
testing or production server.
Las credenciales codificadas para el servidor de prueba CyberPower PowerPanel se pueden encontrar en el código de producción. Esto podría provocar que un atacante obtenga acceso al servidor de prueba o de producción.
*Credits:
Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-04-29 CVE Reserved
- 2024-05-15 CVE Published
- 2024-05-16 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-489: Active Debug Code
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 | ||
| https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| CyberPower Search vendor "CyberPower" | PowerPanel Business Search vendor "CyberPower" for product "PowerPanel Business" | < 4.9.0 Search vendor "CyberPower" for product "PowerPanel Business" and version " < 4.9.0" | en |
Affected
| ||||||