CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
trellixCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
cyberpowerpowerpanel_server
𝑥
< 2.6.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html