PT-2024-4518 · Cyberpower · Cyberpower Powerpanel Enterprise

Published: 2024-05-09 · Updated: 2024-07-03 · CVE-2024-32735

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3
Description: Certain utilities in CyberPower PowerPanel Enterprise are missing authentication, which allows an unauthenticated remote attacker to access the PDNU REST APIs. An attacker can exploit this issue to gain unauthorized access to the application through the REST API, which may result in the compromise of the application.
Recommendations: For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the PDNU REST APIs until a patch is available.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers: BDU:2024-05022, CVE-2024-32735

Affected Products: Cyberpower Powerpanel Enterprise