Vulnerability Details CVE-2020-6651
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.0
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
Products affected by CVE-2020-6651
-
cpe:2.3:a:eaton:intelligent_power_manager:1.6
-
cpe:2.3:a:eaton:intelligent_power_manager:1.67