PT-2024-3239 · Cyberpower · Cyberpower Powerpanel

Published

2024-05-02

Updated

2024-05-16

CVE-2024-32042

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CyberPower PowerPanel (affected versions not specified)

Description The issue concerns the storage of passwords in a recoverable format within the PowerPanel system. This is due to the encryption key being accessible in the application code, allowing for the potential recovery of passwords. An attacker could exploit this to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-257

Related Identifiers

BDU:2024-03468

CVE-2024-32042

Affected Products

Cyberpower Powerpanel

PT-2024-3239 · Cyberpower · Cyberpower Powerpanel

CVE-2024-32042

Weakness Enumeration

Related Identifiers

Affected Products

References · 8