Vulnerability Details : CVE-2023-25133
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
Published
2023-04-24 11:15:07
Updated
2023-05-02 20:24:59
Products affected by CVE-2023-25133
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:linux:*:*
- Cyberpower » Powerpanel » Business Edition For Virtual MachineVersions up to, including, (<=) 4.8.6cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:virtual_machine:*:*
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:macos:*:*
- cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-25133
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-25133
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
ZUSO Advanced Research Team (ZUSO ART) | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-25133
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by:
- ART@zuso.ai (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-25133
-
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads
Product
-
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads
Product
-
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads
Product
-
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
Product
-
https://zuso.ai/Advisory/
ZUSO Generation 如梭世代Third Party Advisory
Jump to