CVE-2024-33615
📋 TL;DR
This vulnerability allows attackers to upload specially crafted Zip files containing path traversal characters to CyberPower PowerPanel servers, enabling them to write files outside intended directories and potentially achieve remote code execution. Organizations using CyberPower PowerPanel Business for Windows are affected.
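The vulnerability class described above (an archive entry whose name contains `..` segments, so a naive extractor writes outside the extraction directory) is illustrated by the following added example. It is not CyberPower's code and makes no claim about how PowerPanel itself processes archives; the archive contents, directory names and the `safe_target` check are constructed here for demonstration.

```python
"""Zip Slip: path traversal through archive entry names.

Added illustration of the vulnerability class behind CVE-2024-33615. It is not
CyberPower's code and makes no claim about how PowerPanel itself handles
archives; the archive contents and directory names are constructed here.
"""
import io
import os
import shutil
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample: one benign entry and one whose name climbs out of
    the extraction directory. zipfile writes the name verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.ini", "mode=normal\n")
        zf.writestr("../../evil.txt", "pwned\n")
    return buf.getvalue()


def extract_unsafe(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: joins the untrusted entry name onto dest, so '..'
    segments survive and the write lands wherever the name points.
    (ZipFile.extract() strips '..' itself; hand-rolled extractors often do not.)"""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_target(base: str, name: str) -> str:
    """Resolve an entry name under base, or raise if it would escape.
    Both separators are normalised because Windows extractors honour '\\'."""
    target = os.path.realpath(os.path.join(base, name.replace("\\", "/")))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"zip entry escapes extraction dir: {name!r}")
    return target


def extract_safe(zip_bytes: bytes, dest: str) -> list:
    """Hardened pattern: validate every entry before writing anything, so a
    bad archive is rejected whole rather than half-extracted."""
    base = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        targets = [safe_target(base, i.filename) for i in infos]  # raises on escape
        for info, target in zip(infos, targets):
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against the same archive in a throwaway tree."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="zipslip-"))
    try:
        unsafe_dest = os.path.join(root, "app", "uploads")
        safe_dest = os.path.join(root, "app", "uploads_safe")
        os.makedirs(unsafe_dest)
        os.makedirs(safe_dest)
        payload = build_malicious_zip()

        paths = extract_unsafe(payload, unsafe_dest)
        escaped = [p for p in paths
                   if os.path.commonpath([unsafe_dest, p]) != unsafe_dest]
        try:
            extract_safe(payload, safe_dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "escaped": [os.path.relpath(p, root) for p in escaped],
            "escaped_written": all(os.path.isfile(p) for p in escaped),
            "safe_wrote_anything": bool(os.listdir(safe_dest)),
            "rejected": rejected,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The unsafe extractor drops `evil.txt` two levels above the upload directory; the hardened one resolves every entry with `realpath` and checks it against the base with `commonpath` before writing, which also rejects absolute entry names and Windows-style `..\` segments.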
💻 Affected Systems
- CyberPower PowerPanel Business for Windows
⚠️ Manual Verification Required
The NVD entry for this CVE carries no affected-version range, so automatic vulnerability detection cannot tell whether your installation is affected.
Why? The vendor/NVD record does not specify which versions are vulnerable (no version ranges provided), so the installed version must be confirmed manually.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, allowing attackers to install malware, steal data, or disrupt power management operations.
Likely Case
Unauthorized file writes to sensitive system locations, potentially leading to privilege escalation or service disruption.
If Mitigated
Limited impact with proper network segmentation and file upload restrictions, though the vulnerability remains present.
🎯 Exploit Status
No public exploit code is known, but the vulnerability description provides enough detail for skilled attackers to develop exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 4.9.5
Vendor Advisory: https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
Restart Required: Yes
Instructions:
1. Download PowerPanel Business for Windows version 4.9.5 or later from the CyberPower website.
2. Run the installer to upgrade the existing installation.
3. Restart the PowerPanel service or reboot the server.
🔧 Temporary Workarounds
Restrict Zip File Uploads
Block or filter Zip file uploads to the PowerPanel server if they are not required for operations.
Network Segmentation
Isolate PowerPanel servers from the internet and restrict access to trusted networks only.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the PowerPanel server
- Monitor for unusual file upload activities and Zip file processing in server logs
🔍 How to Verify
Check if Vulnerable:
Check PowerPanel version in application interface or installation directory. Versions below 4.9.5 are vulnerable.
Check Version:
Check Help > About in PowerPanel GUI or examine version.txt in installation directory
Verify Fix Applied:
Confirm PowerPanel version is 4.9.5 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual Zip file uploads to PowerPanel
- File write operations outside expected directories
- Failed authentication attempts followed by file uploads
Network Indicators:
- HTTP POST requests with Zip file uploads to PowerPanel endpoints
- Unusual outbound connections from PowerPanel server
SIEM Query:
source="powerpanel.log" AND ("zip" OR "upload") AND ("..\\" OR "../")
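The substring query above only sees a literal `../` or `..\`; a traversal attempt that arrives percent-encoded (`..%2F`) or double-encoded (`%252e%252e%252f`) slips past it. The following added example (not from the page or from CyberPower) runs the same idea over constructed log lines with a normalisation step in front. The log format is invented for illustration, since the page does not document PowerPanel's real log format.

```python
"""Detection over constructed PowerPanel-style log lines.

Added example, not from the page or from CyberPower. The log format below is
invented for illustration (the page does not document PowerPanel's real format);
the point is the normalisation step, which the plain SIEM substring query lacks.
"""
import re
from urllib.parse import unquote

# Constructed sample lines: one benign upload, four traversal attempts in
# different encodings, and two unrelated events.
SAMPLE_LOG = [
    '2024-05-02T10:01:07Z POST /upload file="firmware.zip" status=200',
    '2024-05-02T10:02:11Z POST /upload file="../../ProgramData/evil.zip" status=200',
    '2024-05-02T10:03:45Z POST /upload file="..%2F..%2Fwebapps%2Fshell.zip" status=200',
    '2024-05-02T10:04:20Z POST /upload file="..\\..\\webapps\\shell.zip" status=200',
    '2024-05-02T10:05:02Z POST /upload file="%252e%252e%252fshell.zip" status=200',
    '2024-05-02T10:06:30Z GET /status status=200',
    '2024-05-02T10:07:13Z zip extract entry="config/settings.ini" ok',
]

# '..' followed by either separator, or '..' at end of the text.
TRAVERSAL = re.compile(r"\.\.(?:[\\/]|$)")


def normalise(text: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded, so a hostile input cannot loop
    forever), then fold '\\' to '/' so one pattern covers both separators."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.replace("\\", "/")


def is_archive_event(line: str) -> bool:
    """Same coarse filter as the SIEM query: zip or upload events only."""
    return "zip" in line.lower() or "upload" in line.lower()


def find_traversal_uploads(lines):
    """Lines that are zip/upload events and contain '..' segments after
    decoding; this is what the SIEM query should be catching."""
    return [ln for ln in lines
            if is_archive_event(ln) and TRAVERSAL.search(normalise(ln))]


def naive_substring_query(lines):
    """What the plain SIEM query does: literal '../' or '..\\' on the raw line."""
    return [ln for ln in lines
            if is_archive_event(ln) and ("../" in ln or "..\\" in ln)]


if __name__ == "__main__":
    print("normalised :", len(find_traversal_uploads(SAMPLE_LOG)), "hits")
    print("raw query  :", len(naive_substring_query(SAMPLE_LOG)), "hits")
```

On the sample set the raw substring match flags two of the four attempts; after bounded percent-decoding and separator folding all four are flagged. If your SIEM supports a URL-decode function, apply it to the file-name field before the `..` match rather than matching the raw line.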
🔗 References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads