CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote	Release Notes
https://www.tenable.com/security/research/tra-2024-14	Third Party Advisory
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote	Release Notes
https://www.tenable.com/security/research/tra-2024-14	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:enterprise:windows:*:*

History

23 Oct 2025, 12:13

Type	Values Removed	Values Added
References	~~() https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote -~~	() https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - Release Notes
References	~~() https://www.tenable.com/security/research/tra-2024-14 -~~	() https://www.tenable.com/security/research/tra-2024-14 - Third Party Advisory
First Time		Cyberpower Cyberpower powerpanel
CPE		cpe:2.3:a:cyberpower:powerpanel:::::enterprise:windows::

Information

Published : 2024-05-14 15:37

Updated : 2025-10-23 12:13

NVD link : CVE-2024-32735

Mitre link : CVE-2024-32735

CVE.ORG link : CVE-2024-32735

JSON object : View

Products Affected

cyberpower

powerpanel

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-32735", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-05-14T15:37:03.527", "references": [{"url": "https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote", "tags": ["Release Notes"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2024-14", "tags": ["Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tenable.com/security/research/tra-2024-14", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.\u00a0An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application."}, {"lang": "es", "value": "Existe un problema relacionado con la falta de autenticaci\u00f3n para ciertas utilidades en CyberPower PowerPanel Enterprise antes de la versi\u00f3n 2.8.3. Un atacante remoto no autenticado puede acceder a las API REST de PDNU, lo que puede comprometer la aplicaci\u00f3n."}], "lastModified": "2025-10-23T12:13:36.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:enterprise:windows:*:*", "vulnerable": true, "matchCriteriaId": "126B1CFF-D57B-4702-87D3-021C846308AD", "versionEndExcluding": "2.8.3"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}