CVE-2021-23278 : Security Advisory and Response
Learn about CVE-2021-23278 affecting Eaton's Intelligent Power Manager (IPM) prior to 1.69. Explore the impact, technical details, and mitigation steps for this high-severity vulnerability.
Eaton Intelligent Power Manager (IPM) prior to version 1.69 is vulnerable to an authenticated arbitrary file delete vulnerability. An attacker can exploit this flaw by sending specially crafted packets to the server, leading to arbitrary file deletion.
Understanding CVE-2021-23278
This CVE pertains to a vulnerability in Eaton's Intelligent Power Manager (IPM) software that allows authenticated attackers to delete arbitrary files.
What is CVE-2021-23278?
The vulnerability in Eaton IPM version less than 1.69 is caused by improper input validation. Attackers can execute the file delete action by manipulating packets targeting specific server endpoints.
The Impact of CVE-2021-23278
With a CVSS base score of 8.7, this vulnerability has a high impact on system integrity and availability. It does not require high privileges and can be exploited over an adjacent network, making it a serious threat to affected systems.
Technical Details of CVE-2021-23278
This section discusses the specifics of the vulnerability in terms of description, affected systems, versions, and the exploitation mechanism.
Vulnerability Description
The vulnerability is induced by improper input validation at server/maps_srv.js and server/node_upgrade_srv.js, enabling attackers to delete files via crafted packets.
Affected Systems and Versions
Eaton's Intelligent Power Manager (IPM) software versions prior to 1.69 are susceptible to this arbitrary file delete vulnerability.
Exploitation Mechanism
By sending specially crafted packets to server endpoints with specific actions, attackers can trigger the deletion of files on systems with the vulnerable IPM software.
Mitigation and Prevention
To address CVE-2021-23278, immediate steps should be taken along with long-term security practices and regular patching.
Immediate Steps to Take
Eaton recommends blocking ports 4679 and 4680 at the network level where IPM software is deployed to prevent exploitation of this vulnerability.
Long-Term Security Practices
Establish comprehensive security measures, including network segmentation, access control, and ongoing security monitoring to mitigate risks.
Patching and Updates
Upgrade the Eaton Intelligent Power Manager (IPM) software to the latest version 1.69 to eliminate the vulnerability and enhance system security.