{"containers":{"cna":{"affected":[{"product":"Intelligent Power Protector","vendor":"Eaton","versions":[{"lessThan":"1.69","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Eaton thanks the following researchers for their coordinated support on the security vulnerabilities: CVE-2021-23288 – Andreas Finstad and Arthur Donkers"}],"datePublic":"2022-02-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability exists because the Intelligent Power Protector (IPP) software insufficiently validates input from certain resources. To compromise the system, an attacker would need access to the local subnet and interaction by an administrator. This issue affects Intelligent Power Protector versions prior to 1.69."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":5.6,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-01T22:17:34.000Z","orgId":"63703b7d-23e2-41ef-94b3-a3c6333f7759","shortName":"Eaton"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf"}],"solutions":[{"lang":"en","value":"Eaton has patched these security issues, and new versions of the affected software have been released. 
The latest versions can be downloaded from the location below:\nEaton IPM v1.69 – https://www.eaton.com/us/en-us/catalog/backup-power-ups-surge-it-power-distribution/eaton-intelligent-power-protector.resources.html"}],"source":{"advisory":"ETN-VA-2021-1002b","discovery":"EXTERNAL"},"title":"Security issues in Intelligent Power Protector","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"CybersecurityCOE@eaton.com","DATE_PUBLIC":"2022-02-08T11:20:00.000Z","ID":"CVE-2021-23288","STATE":"PUBLIC","TITLE":"Security issues in Intelligent Power Protector"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Intelligent Power Protector","version":{"version_data":[{"version_affected":"<","version_value":"1.69"}]}}]},"vendor_name":"Eaton"}]}},"credit":[{"lang":"eng","value":"Eaton thanks the below researchers for the coordinated support on the security vulnerabilities: - • CVE-2021-23288 – Andreas Finstad and Arthur Donkers"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. 
This issue affects: Intelligent Power Protector versions prior to 1.69."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":5.6,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf","refsource":"MISC","url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf"}]},"solution":[{"lang":"en","value":"Eaton has patched these security issues and new versions of the affected software are released. 
The latest versions can be downloaded from below location: -\nEaton IPM v1.69 – https://www.eaton.com/us/en-us/catalog/backup-power-ups-surge-it-power-distribution/eaton-intelligent-power-protector.resources.html"}],"source":{"advisory":"ETN-VA-2021-1002b","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:05:55.288Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf"}]}]},"cveMetadata":{"assignerOrgId":"63703b7d-23e2-41ef-94b3-a3c6333f7759","assignerShortName":"Eaton","cveId":"CVE-2021-23288","datePublished":"2022-04-01T22:17:34.614Z","dateReserved":"2021-01-08T00:00:00.000Z","dateUpdated":"2024-09-16T19:14:44.585Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}