How severe is CVE-2024-32735?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2024-32735 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cyberpower Powerpanel Enterprise

CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

EPSS: 0.717 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cyberpower Powerpanel Enterprise — versions 0

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-32735?: CVE-2024-32735 is a critical-severity vulnerability in Cyberpower Powerpanel Enterprise. CVSS score: 9.8/10. Published 2024-05-09.
How severe is CVE-2024-32735?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2024-32735 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.