Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-3266
PUBLISHED
More InfoOfficial Page
Assigner-trellix
Assigner Org ID-01626437-bf8f-4d1c-912a-893b5eb04808
View Known Exploited Vulnerability (KEV) details
Published At-14 Aug, 2023 | 04:09
Updated At-09 Oct, 2024 | 14:38
Rejected At-
▼CVE Numbering Authority (CNA)

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

Affected Products
Vendor
Cyber Power Systems, Inc.CyberPower
Product
PowerPanel Enterprise
Default Status
unaffected
Versions
Affected
  • v2.6.0
Problem Types
TypeCWE IDDescription
CWECWE-358CWE-358: Improperly Implemented Security Check for Standard
Type: CWE
CWE ID: CWE-358
Description: CWE-358: Improperly Implemented Security Check for Standard
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Philippe Laulheret
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
N/A
Hyperlink: https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
x_transferred
Hyperlink: https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found