Arbitrary File delete
CVE-2021-23279

8HIGH

Key Information:

Vendor: Eaton
Status: Intelligent Power Manager (ipm)
Vendor: CVE Published:; 13 April 2021

What is CVE-2021-23279?

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Affected Version(s)

Intelligent Power manager (IPM) < 1.69

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2021
Vulnerability Reserved
Jan 8, 2021

Credit

Amir Preminger from Claroty research