S4E

CVE-2022-33174 Scanner

Detects 'Authorization Bypass' vulnerability in Powertek firmware affects v. before 3.30.30.

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

1 month

Scan only one

Domain, Ipv4

Toolbox

-

Power Distribution Units (PDUs) are important devices that aid power supply in data centers and server rooms. Powertek firmware is a popular software used by multiple PDU brands to run their devices. The firmware is responsible for managing power distribution, monitoring and controlling power usage in racks, and providing real-time data to administrators. Powertek firmware is favored by many companies because of its flexibility, scalability, and compatibility with different PDU brands.

However, a critical vulnerability, CVE-2022-33174, has been detected in Powertek firmware before version 3.30.30. The vulnerability allows remote authorization bypass in the web interface, and attackers can exploit it by sending an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie value set to an empty string followed by a semicolon. This allows the attacker to bypass the active session authorization check, thereby granting system access to unauthorized users.

When exploited, this vulnerability can give attackers full control over the PDU, allowing them to manipulate power usage in the PDU, disrupt power supply to connected devices, and access critical data stored in the PDU. Exposing devices to potential cyber-attacks could lead to costly damages, including loss of data, business disruption, and reputational damage.

s4e.io is a platform that offers comprehensive security solutions to businesses and individuals. Through its pro features, users can access valuable information about vulnerabilities in their digital assets, get insights about threats to their systems, and learn how to mitigate risks. By subscribing to the platform, users can stay up-to-date on the latest security trends and technologies, and keep their systems protected from emerging cyber threats. Protecting sensitive business data and systems from cyber-attacks is critical, and s4e.io offers the expertise and resources to achieve that.

 

REFERENCES

Get started to protecting your Free Full Security Scan