CVE-2024-32053

{"id": "CVE-2024-32053", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-05-15T20:15:12.443", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Hard-coded credentials are used by the\u00a0\nCyberPower PowerPanel \n\n platform to authenticate to the \ndatabase, other services, and the cloud. This could result in an \nattacker gaining access to services with the privileges of a Powerpanel \nbusiness application."}, {"lang": "es", "value": "La plataforma CyberPower PowerPanel utiliza credenciales codificadas para autenticarse en la base de datos, otros servicios y la nube. Esto podr\u00eda resultar en que un atacante obtenga acceso a servicios con los privilegios de una aplicaci\u00f3n empresarial Powerpanel."}], "lastModified": "2024-05-16T13:03:05.353", "sourceIdentifier": "ics-cert@hq.dhs.gov"}