When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: trellix
Published: 2023-08-14T04:11:06.644Z
Updated: 2024-08-02T06:48:08.577Z
Reserved: 2023-06-15T06:50:38.458Z
Link: CVE-2023-3267
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-14T05:15:10.133
Modified: 2023-08-22T16:15:46.067
Link: CVE-2023-3267
Redhat
No data.