CVE-2019-13071 — HIGH (8.8)

Vulnerability Description

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cyberpowersystems	Powerpanel	3.4.0

Related Weaknesses (CWE)

CWE-352

References

http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-CrExploitThird Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/11ExploitMailing ListThird Party Advisory
http://packetstormsecurity.com/files/153581/PowerPanel-Business-Edition-3.4.0-CrExploitThird Party Advisory
http://seclists.org/fulldisclosure/2019/Jul/11ExploitMailing ListThird Party Advisory

FAQ

What is CVE-2019-13071?

CVE-2019-13071 is a vulnerability with a CVSS score of 8.8 (HIGH). CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an ...

How severe is CVE-2019-13071?

CVE-2019-13071 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13071?

Check the references section above for vendor advisories and patch information. Affected products include: Cyberpowersystems Powerpanel.