Cyber Resilience

CVE-2024-11322

High

Published: 15 January 2025

Published
15 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0075 73.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-11322 is a high-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-9 (Service Identification and Authentication) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2024-11322 is a denial-of-service vulnerability in CyberPower PowerPanel Business (PPB) version 4.11.0. The issue stems from the PowerPanel Business Service Watchdog service, which listens on TCP port 2003 and allows an unauthenticated remote attacker to restart the ppbd.exe process. Repeated restarts of this process can render it unavailable, leading to service disruption. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-287 (Improper Authentication).

An unauthenticated attacker with network access to the affected system can exploit this vulnerability by sending requests to TCP port 2003, triggering the watchdog service to restart ppbd.exe. By repeating the attack, the attacker can repeatedly crash and restart the process, causing a denial-of-service condition that impacts the availability of PowerPanel Business functions. No privileges, user interaction, or scope changes are required, making it straightforward to exploit remotely.

The Tenable advisory at https://www.tenable.com/security/research/tra-2025-01 provides further details on the vulnerability, including potential mitigation steps. Published on 2025-01-15, no patches or specific workarounds are detailed in the provided information.

EU & UK References

Vulnerability details

A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it…

more

unavailable.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct unauthenticated remote exploitation of public-facing watchdog service on TCP 2003 to trigger repeated process restarts, enabling application DoS via system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0558Shared CWE-287
CVE-2025-71279Shared CWE-287
CVE-2024-13804Shared CWE-287
CVE-2024-57046Shared CWE-287
CVE-2026-1203Shared CWE-287
CVE-2026-1740Shared CWE-287
CVE-2025-43995Shared CWE-287
CVE-2026-7876Shared CWE-287
CVE-2025-0637Shared CWE-287
CVE-2025-61882Shared CWE-287

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires the PowerPanel Business Service Watchdog service to identify and authenticate requests before permitting process restarts, directly addressing the improper authentication (CWE-287).

prevent

Monitors and controls communications to TCP port 2003 at system boundaries, blocking unauthenticated remote access to the vulnerable service.

prevent

Implements safeguards to protect against or limit denial-of-service effects from repeated ppbd.exe restarts triggered via the watchdog service.

References