{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-25133","assignerOrgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","assignerShortName":"ZUSO ART","dateUpdated":"2025-02-04T17:22:44.012Z","dateReserved":"2023-02-02T00:00:00.000Z","datePublished":"2023-04-24T00:00:00.000Z"},"containers":{"cna":{"title":"Improper privilege management vulnerability in CyberPower PowerPanel Business","providerMetadata":{"orgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","shortName":"ZUSO ART","dateUpdated":"2023-04-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors."}],"affected":[{"vendor":"CyberPower","product":"PowerPanel Business Local / Remote","versions":[{"version":"unspecified","lessThanOrEqual":"v4.8.6","status":"affected","versionType":"custom"}],"platforms":["Windows, MacOS, Linux"]},{"vendor":"CyberPower","product":"PowerPanel Business Management","versions":[{"version":"unspecified","lessThanOrEqual":"v4.8.6","status":"affected","versionType":"custom"}],"platforms":["Windows, MacOS, Linux"]}],"references":[{"url":"https://zuso.ai/Advisory/"},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads"},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads"},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-269 Improper Privilege Management","cweId":"CWE-269"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["ZA-2023-03"],"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:18:35.307Z"},"title":"CVE Program Container","references":[{"url":"https://zuso.ai/Advisory/","tags":["x_transferred"]},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads","tags":["x_transferred"]},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_linux#downloads","tags":["x_transferred"]},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_mac#downloads","tags":["x_transferred"]},{"url":"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_virtual_machine#downloads","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-04T17:22:25.498117Z","id":"CVE-2023-25133","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-04T17:22:44.012Z"}}]}}