CVE-2023-3266

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*

History

22 Aug 2023, 16:19

Type	Values Removed	Values Added
References	~~(MISC) https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html -~~	(MISC) https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		NVD-CWE-Other
First Time		Cyberpower Cyberpower powerpanel Server
CPE		cpe:2.3:a:cyberpower:powerpanel_server:::::enterprise:::*

14 Aug 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-14 05:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-3266

Mitre link : CVE-2023-3266

CVE.ORG link : CVE-2023-3266

JSON object : View

Products Affected

cyberpower

powerpanel_server

CWE

NVD-CWE-Other CWE-358

Improperly Implemented Security Check for Standard

{"id": "CVE-2023-3266", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-14T05:15:10.067", "references": [{"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html", "tags": ["Vendor Advisory"], "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-358"}]}], "descriptions": [{"lang": "en", "value": "A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully."}], "lastModified": "2023-08-22T16:19:57.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "054765FB-5866-4141-A0F3-F4A3BCAB7C15", "versionEndExcluding": "2.6.9"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}