CVE-2023-3265

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Aug 14, 2023
Updated: Aug 22, 2023
CWE ID: 190

Summary

CVE-2023-3265 is an authentication bypass vulnerability affecting CyberPower PowerPanel Enterprise. The application's authentication process fails to sanitize meta-characters from usernames. A malicious actor can exploit this flaw by appending a non-printable character to the default username "cyberpower". Doing so bypasses the authentication system and gives unauthorized access to the application. The risk is significant because an unauthenticated attacker can potentially log in to CyberPower PowerPanel Enterprise as an administrator using the hardcoded default credentials.
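
A defensive sketch of the issue described in the summary, added here as an example and not code from CyberPower or from this page: it rejects usernames that contain non-printable characters instead of stripping them, and flags login events whose username matches the default account only after hidden characters are removed. The function names, event fields and sample events are constructed assumptions, and the sample characters are generic non-printables, not a statement of which character the CVE involves.

```python
import unicodedata

# Default account name as given in the summary above.
DEFAULT_ACCOUNTS = {"cyberpower"}
# Unicode categories treated as non-printable: control, format, surrogate,
# private use, unassigned, line separator, paragraph separator.
NONPRINTABLE = {"Cc", "Cf", "Cs", "Co", "Cn", "Zl", "Zp"}

def hidden_chars(username):
    """Return (index, code point) for each non-printable character."""
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(username)
            if unicodedata.category(c) in NONPRINTABLE]

def validate_username(username):
    """Reject, never silently strip, so every later check sees the same string."""
    if not username or username != username.strip():
        return False
    return not hidden_chars(username)

def visible_form(username):
    """What the name looks like once hidden characters are dropped."""
    kept = (c for c in username if unicodedata.category(c) not in NONPRINTABLE)
    return "".join(kept).strip().lower()

def flag_login_events(events):
    """Flag attempts whose name equals a default account only after cleanup."""
    findings = []
    for ev in events:
        raw = ev["user"]
        hidden = hidden_chars(raw)
        padded = raw != raw.strip()
        if (hidden or padded) and visible_form(raw) in DEFAULT_ACCOUNTS:
            findings.append({"src": ev["src"], "user_repr": ascii(raw),
                             "hidden": hidden})
    return findings

# Constructed sample events (documentation address range, made-up users).
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "user": "operator1"},
    {"src": "192.0.2.44", "user": "cyberpower\x7f"},
    {"src": "192.0.2.45", "user": "cyberpower\u200b"},
    {"src": "192.0.2.46", "user": "cyberpower"},
]

if __name__ == "__main__":
    for finding in flag_login_events(SAMPLE_EVENTS):
        print(finding)
```

The plain "cyberpower" login is not flagged by this check; use of the default account itself is a separate control.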
