CVE-2024-32735

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to access PDNU REST APIs in CyberPower PowerPanel Enterprise, potentially leading to application compromise. It affects versions prior to 2.8.3, exposing systems to unauthorized control and data manipulation.

💻 Affected Systems

Products:
  • CyberPower PowerPanel Enterprise
Versions: Prior to 2.8.3
Operating Systems: Not specified, likely cross-platform as it's a software application
Default Config Vulnerable: ⚠️ Yes
Notes: This affects the PDNU REST APIs specifically; systems with these APIs enabled are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the PowerPanel Enterprise application, allowing attackers to manipulate power management settings, disrupt operations, or pivot to other systems.

🟠 Likely Case

Unauthorized access to sensitive power management data and configuration, potentially enabling further attacks or operational interference.

🟢 If Mitigated

Limited impact if network segmentation and access controls restrict exposure, but risk remains if unpatched.

🌐 Internet-Facing: HIGH, as the vulnerability is unauthenticated and remote, making internet-exposed systems prime targets for exploitation.
🏢 Internal Only: MEDIUM, as internal attackers could exploit it, but network controls may reduce exposure compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW, as it involves accessing APIs without authentication, requiring minimal technical skill.

Exploitation is straightforward due to missing authentication, but no public proof-of-concept has been confirmed as of the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.3

Vendor Advisory: https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote

Restart Required: Yes

Instructions:

  1. Download the update from the CyberPower vendor advisory.
  2. Backup current configuration.
  3. Install version 2.8.3 or later.
  4. Restart the PowerPanel Enterprise service to apply changes.

🔧 Temporary Workarounds

Network Access Restriction

Platform: Linux

Restrict network access to the PowerPanel Enterprise APIs using firewalls or network segmentation to limit exposure to trusted IPs only.

iptables -A INPUT -p tcp --dport <API_PORT> -s <TRUSTED_IP> -j ACCEPT
iptables -A INPUT -p tcp --dport <API_PORT> -j DROP

Disable Unused APIs

Platform: All

If PDNU REST APIs are not required, disable them in the application configuration to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PowerPanel Enterprise systems from untrusted networks.
  • Monitor and log all access attempts to the PDNU REST APIs for suspicious activity and alert on unauthorized attempts.

🔍 How to Verify

Check if Vulnerable:

Check the PowerPanel Enterprise version via the admin interface or configuration files; if version is below 2.8.3, it is vulnerable.

Check Version:

Check the application's admin panel or configuration file for version information; no standard CLI command is specified.

Verify Fix Applied:

After patching, confirm the version is 2.8.3 or higher and test that unauthenticated access to PDNU REST APIs is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to PDNU REST API endpoints in application logs
  • Failed authentication logs for API requests

Network Indicators:

  • Unusual traffic patterns to PowerPanel Enterprise API ports from untrusted sources
  • HTTP requests to PDNU endpoints without authentication headers

SIEM Query:

source="powerpanel_logs" AND (url_path="/pdnu/*" AND auth_status="failed")
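
The query above matches only requests logged as failed, while a request that reaches an unpatched PDNU API without credentials is served rather than rejected. The following added example (not from the vendor or the original page) flags credential-less PDNU requests regardless of outcome; the JSON log format, field names, trusted subnet and endpoint names are assumptions constructed for illustration.

```python
import ipaddress
import json

# Assumptions for this example (none come from CyberPower documentation):
# a JSON-lines access log with these field names, a trusted management subnet,
# and the "/pdnu/" path prefix used in the SIEM query above.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
PDNU_PREFIX = "/pdnu/"

# Constructed sample data; endpoint names are placeholders, not real API routes.
SAMPLE_LOG = """\
{"ts":"2024-05-01T10:00:01Z","src_ip":"10.20.0.15","url_path":"/pdnu/example-a","auth_header":true,"http_status":200}
{"ts":"2024-05-01T10:00:07Z","src_ip":"203.0.113.44","url_path":"/pdnu/example-b","auth_header":false,"http_status":200}
{"ts":"2024-05-01T10:00:09Z","src_ip":"203.0.113.44","url_path":"/pdnu/example-b","auth_header":false,"http_status":401}
{"ts":"2024-05-01T10:00:12Z","src_ip":"10.20.0.15","url_path":"/login","auth_header":false,"http_status":200}
{"ts":"2024-05-01T10:00:20Z","src_ip":"10.20.0.77","url_path":"/pdnu/example-c","auth_header":false,"http_status":200}
not-json garbage line
"""

def find_unauthenticated_pdnu(log_text):
    """Return credential-less requests to PDNU paths, whether served or rejected."""
    findings = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            src = ipaddress.ip_address(ev["src_ip"])
            path, status = str(ev["url_path"]).lower(), int(ev["http_status"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record
        if not path.startswith(PDNU_PREFIX) or ev.get("auth_header"):
            continue
        findings.append({
            "ts": ev.get("ts"),
            "src_ip": str(src),
            "path": path,
            # A 2xx answer to a credential-less request is the vulnerable behaviour;
            # a query that only matches failed authentication never sees it.
            "served": 200 <= status < 300,
            "trusted_source": any(src in net for net in TRUSTED_NETS),
        })
    return findings

def alerts(findings):
    """Highest priority: served without credentials to an untrusted source."""
    return [f for f in findings if f["served"] and not f["trusted_source"]]

if __name__ == "__main__":
    for f in find_unauthenticated_pdnu(SAMPLE_LOG):
        print(f)
```

After upgrading to 2.8.3, the same check run over fresh logs should show no records with "served" set to true.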
