Authenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM)

Authenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM)

CVE-2021-23278 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Learn more about our Cis Benchmark Audit For Server Software.