CVE-2021-23279 HIGH

CVE-2021-23279: Arbitrary File delete

Vendor Eaton
Product Intelligent Power manager (IPM)
Weakness CWE-20 · Input validation
Published April 13, 2021
Last update September 16, 2024

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Key dates

02Disclosure timeline

April 13, 2021 CVE published
September 16, 2024 Record updated