Cyber Resilience

CVE-2023-3265

Critical

Published: 14 August 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (41.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-3265 is a critical-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Cyberpower Powerpanel Server. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks at the 41.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cyberpower
Product: powerpanel server
Version: ≤ 2.6.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
