CVE-2020-6652
Summary
| CVE | CVE-2020-6652 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-07 16:15:00 UTC |
| Updated | 2020-05-12 22:15:00 UTC |
| Description | Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eaton | Intelligent Power Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-20-650 \| Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/securit... | MISC | www.eaton.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Eaton would like to thank Sivathmican Sivakumaran for working with Eaton and helping Eaton in releasing more robust and secure products.
There are currently no legacy QID mappings associated with this CVE.