CVE-2024-11322 HIGH

CVE-2024-11322: CyberPower PowerPanel Business Unauthenticated Restart DoS

Vendor C4.Yberpower
Product PowerPanel Business
Weakness CWE-287 · Improper authentication
Published January 15, 2025
Last update January 15, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable.

Key dates

02Disclosure timeline

January 15, 2025 CVE published
January 15, 2025 Record updated