CVE-2024-33615

EUVD-2024-34477
A specially crafted Zip file containing path traversal characters can be
 imported to the 
CyberPower PowerPanel 

server, which allows file writing to the server outside
 the intended scope, and could allow an attacker to achieve remote code 
execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cyberpowerpowerpanel_business
𝑥
< 4.9.0
ADP
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads