CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-23281

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile6.18th
Published2021年4月13日
Last Modified2024年11月21日

Vulnerability Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

Affected Platforms (CPE)

📦
Eaton

Intelligent Power Manager

< 1.69

References & Advisories

🔗 https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
🔗 https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf

相关漏洞威胁

CVE-2013-403110.0

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Managemen...

CVE-2018-120319.8

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js d...

CVE-2020-66518.8

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import ...

CVE-2021-232788.7

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due...