CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Products affected by CVE-2023-3265

Cyberpower » Powerpanel Server » Version: Any

cpe:2.3:a:cyberpower:powerpanel_server:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3265

Products

Pricing

Contact Us