CVE-2024-32735
Published 2024-05-14
Priority P188 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.77% (93.2th percentile)
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberpower | cyberpower_powerpanel_enterprise | < 2.8.3 | 2.8.3 |
| cyberpower | powerpanel | < 2.8.3 | 2.8.3 |
Detection & IOCs
sigma
matchers: words: ['"account":', '"passwd":', 'status":"success'] in HTTP response body with content-type application/json and status 200 on path /api/v1/devices
- Unauthenticated GET requests to /api/v1/devices on port 8085 returning JSON with 'account' and 'passwd' fields indicate active exploitation of the missing authentication vulnerability.
- Shodan query 'html:"PDNU"' can be used to identify internet-exposed CyberPower PowerPanel PDNU instances.
- SQL injection attempts via the 'uid' parameter on /api/v1/confup and /api/v1/ndconfig endpoints (UNION-based, targeting SQLite) should be monitored for unauthenticated exploitation.
- Encrypted device passwords returned by the API are AES-256-CBC encrypted with a hardcoded static key; presence of this key in memory or config indicates compromise.
- The static AES-256-CBC decryption key is hardcoded in the application and applies to all PDNU versions prior to v2.8.3; all device credentials stored in the application are at risk.
- The PDNU REST API on port 8085 requires no authentication prior to v2.8.3, exposing all API endpoints including device credential retrieval and configuration modification.
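The response matcher and the `uid` monitoring note above, expressed as detection logic over recorded HTTP transactions such as proxy or IDS logs. This is an added example, not code from the page's sources; the record fields (`method`, `url`, `status`, `ctype`, `req_body`, `resp_body`), the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Words taken from the page's matcher for /api/v1/devices responses.
MATCH_WORDS = ('"account":', '"passwd":', 'status":"success')
SQLI_PATHS = {"/api/v1/confup", "/api/v1/ndconfig"}
UNION_RE = re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)

def classify(txn, pdnu_port=8085):
    """Return a finding label for one HTTP transaction dict, or None."""
    url = urlsplit(txn["url"])
    if url.port != pdnu_port:
        return None
    if (url.path == "/api/v1/devices" and txn["method"] == "GET"
            and txn["status"] == 200
            and txn["ctype"].lower().startswith("application/json")
            and all(w in txn["resp_body"] for w in MATCH_WORDS)):
        return "credential-disclosure"
    if url.path in SQLI_PATHS:
        # Assumption: uid may arrive in the query string or a form-encoded body.
        uids = parse_qs(url.query).get("uid", [])
        uids += parse_qs(txn.get("req_body", "")).get("uid", [])
        if any(UNION_RE.search(v) for v in uids):
            return "sqli-attempt"
    return None

def scan(transactions):
    """Return (index, label) for every transaction that produced a finding."""
    return [(i, label) for i, t in enumerate(transactions)
            if (label := classify(t)) is not None]

# Constructed sample records (documentation address range, placeholder values).
SAMPLE = [
    {"method": "GET", "url": "http://192.0.2.10:8085/api/v1/devices", "status": 200,
     "ctype": "application/json; charset=utf-8", "req_body": "",
     "resp_body": '{"status":"success","devices":[{"account":"admin","passwd":"<redacted>"}]}'},
    {"method": "GET", "url": "http://192.0.2.10:8085/api/v1/devices", "status": 401,
     "ctype": "application/json", "req_body": "", "resp_body": '{"status":"error"}'},
    {"method": "GET", "url": "http://192.0.2.10:8085/api/v1/confup?uid=1%20UNION%20SELECT%201",
     "status": 200, "ctype": "application/json", "req_body": "", "resp_body": "{}"},
    {"method": "GET", "url": "http://192.0.2.10:8085/api/v1/ndconfig?uid=42",
     "status": 200, "ctype": "application/json", "req_body": "", "resp_body": "{}"},
]

if __name__ == "__main__":
    for index, label in scan(SAMPLE):
        print(index, label, SAMPLE[index]["url"])
```

A `credential-disclosure` finding means the response already carried stored device credentials, so the devices listed in it should be treated as exposed even after upgrading to v2.8.3.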
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
ghsa_unreviewed·2024-05-14
CVE-2024-32735 [CRITICAL] CWE-306 GHSA-67p4-w92f-qx68: An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2
VulnCheck
CyberPower PowerPanel Enterprise PDNU REST API Unauthenticated Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-32735 [CRITICAL] CyberPower PowerPanel Enterprise PDNU REST API Unauthenticated Vulnerability
Affected: CyberPower PowerPanel Enterprise
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-22&host_type=src&vulnerability=cve-2024-32735; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-01-23&host_type=src&vulnerability=cve-
No detection rules found.
Nuclei
CyberPower - Missing Authentication
nuclei·CVSS 9.8
CVE-2024-32735 [CRITICAL] CyberPower - Missing Authentication
Template:
```yaml
id: CVE-2024-32735

info:
  name: CyberPower - Missing Authentication
  author: DhiyaneshDK
  severity: critical
  description: |
    An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
  reference:
    - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
    - https://www.tenable
```
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
https://www.tenable.com/security/research/tra-2024-14