CVE-2024-33625 - Vulnerability Details

Vendors	Products
Cyberpower	Powerpanel Business

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33625", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-29T16:47:22.341Z", "datePublished": "2024-05-15T19:19:53.960Z", "dateUpdated": "2024-08-02T02:36:04.325Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerPanel business", "vendor": "CyberPower", "versions": [{"lessThan": "4.9.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nCyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication.\n\n"}], "value": "CyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-15T19:19:53.960Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"}, {"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n<p>CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\">https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads</a><br></p>\n\n<br>"}], "value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}], "source": {"advisory": "ICSA-24-123-01", "discovery": "EXTERNAL"}, "title": "CyberPower PowerPanel business Use of Hard-coded Password", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:45:00.332821Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*"], "vendor": "cyberpower", "product": "powerpanel_business", "versions": [{"status": "affected", "version": "0", "lessThan": "4.9.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:45:30.871Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:04.325Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01", "tags": ["x_transferred"]}, {"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-33625 (string)

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

state : PUBLISHED (string)

assignerShortName : icscert (string)

dateReserved : 2024-04-29T16:47:22.341Z (string)

datePublished : 2024-05-15T19:19:53.960Z (string)

dateUpdated : 2024-08-02T02:36:04.325Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : PowerPanel business (string)

vendor : CyberPower (string)

versions : [ »

0 : { »

lessThan : 4.9.0 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA. (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. (string)

}

]

value : CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-259 (string)

description : CWE-259 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

dateUpdated : 2024-05-15T19:19:53.960Z (string)

}

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 (string)

}

1 : { »

url : https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities. <a target="_blank" rel="nofollow" href="https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads">https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads</a> (string)

}

]

value : CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities. https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

]

source : { »

advisory : ICSA-24-123-01 (string)

discovery : EXTERNAL (string)

}

title : CyberPower PowerPanel business Use of Hard-coded Password (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-33625 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-16T18:45:00.332821Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:* (string)

]

vendor : cyberpower (string)

product : powerpanel_business (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 4.9.0 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:45:30.871Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T02:36:04.325Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33625", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-29T16:47:22.341Z", "datePublished": "2024-05-15T19:19:53.960Z", "dateUpdated": "2024-06-04T17:45:30.871Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerPanel business", "vendor": "CyberPower", "versions": [{"lessThan": "4.9.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nCyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication.\n\n"}], "value": "CyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-15T19:19:53.960Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"}, {"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n<p>CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\">https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads</a><br></p>\n\n<br>"}], "value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}], "source": {"advisory": "ICSA-24-123-01", "discovery": "EXTERNAL"}, "title": "CyberPower PowerPanel business Use of Hard-coded Password", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:45:00.332821Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*"], "vendor": "cyberpower", "product": "powerpanel_business", "versions": [{"status": "affected", "version": "0", "lessThan": "4.9.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.438Z"}, "title": "CISA ADP Vulnrichment"}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-33625 (string)

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

state : PUBLISHED (string)

assignerShortName : icscert (string)

dateReserved : 2024-04-29T16:47:22.341Z (string)

datePublished : 2024-05-15T19:19:53.960Z (string)

dateUpdated : 2024-06-04T17:45:30.871Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : PowerPanel business (string)

vendor : CyberPower (string)

versions : [ »

0 : { »

lessThan : 4.9.0 (string)

status : affected (string)

version : 0 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA. (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. (string)

}

]

value : CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-259 (string)

description : CWE-259 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

dateUpdated : 2024-05-15T19:19:53.960Z (string)

}

references : [ »

0 : { »

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 (string)

}

1 : { »

url : https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities. <a target="_blank" rel="nofollow" href="https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads">https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads</a> (string)

}

]

value : CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities. https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

]

source : { »

advisory : ICSA-24-123-01 (string)

discovery : EXTERNAL (string)

}

title : CyberPower PowerPanel business Use of Hard-coded Password (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-33625 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-16T18:45:00.332821Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:* (string)

]

vendor : cyberpower (string)

product : powerpanel_business (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 4.9.0 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:01:24.438Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "CyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication."}, {"lang": "es", "value": "El c\u00f3digo de la aplicaci\u00f3n empresarial CyberPower PowerPanel contiene una clave de firma JWT codificada. Esto podr\u00eda resultar en que un atacante falsifique tokens JWT para eludir la autenticaci\u00f3n."}], "id": "CVE-2024-33625", "lastModified": "2024-11-21T09:17:16.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-05-15T20:15:12.927", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{

descriptions : [ »

0 : { »

lang : en (string)

value : CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. (string)

}

1 : { »

lang : es (string)

value : El código de la aplicación empresarial CyberPower PowerPanel contiene una clave de firma JWT codificada. Esto podría resultar en que un atacante falsifique tokens JWT para eludir la autenticación. (string)

}

]

id : CVE-2024-33625 (string)

lastModified : 2024-11-21T09:17:16.207 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

]

}

published : 2024-05-15T20:15:12.927 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 (string)

}

1 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-259 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object