CVE-2024-33625

Critical

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT…

icscert·CWE-259·Published 2024-05-15

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

166 chars

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.

NVDen

166 chars

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.

El código de la aplicación empresarial CyberPower PowerPanel contiene una clave de firma JWT codificada. Esto podría resultar en que un atacante falsifique tokens JWT para eludir la autenticación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H