Vulnerability CVE-2021-23288

Vulnerability CVE-2021-23288

Published: 2022-04-01 Modified: 2022-04-02

Description:

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:A/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.3/10	2.9/10	4.4/10

Exploit range	Attack complexity	Authentication
Adjacent network	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Eaton -> Intelligent power protector

References:

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf

Vulnerability CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.

CWE-79

CVSS2 => (AV:A/AC:M/Au:S/C:N/I:P/A:N)

2.3/10

2.9/10

4.4/10

Adjacent network

Medium

Single time

None

Partial

None

Affected software

References: