Security issues in Intelligent Power Protector
CVE-2021-23288

5.6MEDIUM

Key Information:

Vendor
Eaton
Status
Intelligent Power Protector
Vendor
CVE Published:
1 April 2022

Summary

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.

Affected Version(s)

Intelligent Power Protector < 1.69

References

https://www.eaton.com/content/dam/eaton/company/news-insi...
x_refsource_MISC

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eaton thanks the below researchers for the coordinated support on the security vulnerabilities: - • CVE-2021-23288 – Andreas Finstad and Arthur Donkers
.
CVE-2021-23288 : Security issues in Intelligent Power Protector | SecurityVulnerability.io