Apcupsd : Security Vulnerabilities CVSS score >= 2
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
| Max Base Score | 10.0 |
| Published | 2003-03-03 |
| Updated | 2018-09-26 |
| EPSS | 0.95% |
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
| Max Base Score | 9.8 |
| Published | 2019-06-03 |
| Updated | 2020-08-24 |
| EPSS | 0.40% |
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe.
| Max Base Score | 8.4 |
| Published | 2017-06-16 |
| Updated | 2019-10-03 |
| EPSS | 0.10% |
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
| Max Base Score | 6.1 |
| Published | 2019-06-03 |
| Updated | 2019-06-04 |
| EPSS | 0.12% |
4 vulnerabilities found