CVE-2024-11322
Published: 15 January 2025
Summary
CVE-2024-11322 is a high-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-9 (Service Identification and Authentication) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2024-11322 is a denial-of-service vulnerability in CyberPower PowerPanel Business (PPB) version 4.11.0. The issue stems from the PowerPanel Business Service Watchdog service, which listens on TCP port 2003 and allows an unauthenticated remote attacker to restart the ppbd.exe process. Repeated restarts of this process can render it unavailable, leading to service disruption. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-287 (Improper Authentication).
An unauthenticated attacker with network access to the affected system can exploit this vulnerability by sending requests to TCP port 2003, triggering the watchdog service to restart ppbd.exe. By repeating the attack, the attacker can repeatedly crash and restart the process, causing a denial-of-service condition that impacts the availability of PowerPanel Business functions. No privileges, user interaction, or scope changes are required, making it straightforward to exploit remotely.
The Tenable advisory at https://www.tenable.com/security/research/tra-2025-01 provides further details on the vulnerability, including potential mitigation steps. Published on 2025-01-15, no patches or specific workarounds are detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34379
Vulnerability details
A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it…
more
unavailable.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated remote exploitation of public-facing watchdog service on TCP 2003 to trigger repeated process restarts, enabling application DoS via system exploitation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires the PowerPanel Business Service Watchdog service to identify and authenticate requests before permitting process restarts, directly addressing the improper authentication (CWE-287).
Monitors and controls communications to TCP port 2003 at system boundaries, blocking unauthenticated remote access to the vulnerable service.
Implements safeguards to protect against or limit denial-of-service effects from repeated ppbd.exe restarts triggered via the watchdog service.