Vulnerability Details: CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
Published: 2023-04-24 10:15:07
Updated: 2023-05-03 15:29:23
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-25131
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:linux:*:*
- Cyberpower » Powerpanel » Business Edition For Virtual Machine. Versions up to, including, (<=) 4.8.6. cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:virtual_machine:*:*
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:macos:*:*
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-25131
0.35%: Probability of exploitation activity in the next 30 days
~56%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-25131
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 3.9 | 5.5 | ZUSO Advanced Research Team (ZUSO ART) | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-25131
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
- The product uses default passwords for potentially critical functionality. Assigned by: ART@zuso.ai (Secondary)
References for CVE-2023-25131
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads (Product)
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads (Product)
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads (Product)
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (Product)
- https://zuso.ai/Advisory/ (ZUSO Generation 如梭世代; Third Party Advisory)