![]() Use the available access control mechanisms properly to ensure system and application access is restricted to legitimate users only. MITIGATIONSĮaton recommends users upgrade to the latest version of its software, Eaton IPP v1.69Įaton recommends users follow the security best practices and configure the logical access mechanisms provided in IPP to safeguard the application from unauthorized access. Michael Heinzl reported this vulnerability to CISA. CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors.A CVSS v3 base score of 5.2 has been calculated the CVSS vector string is ( AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). The affected product is vulnerable to a cross-site scripting vulnerability due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.ĬVE-2021-23283 has been assigned to this vulnerability. Eaton Intelligent Power Protector (IPP): All versions prior to v1.69 release 166ģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79.The following versions of Eaton IPP, a power protection platform, are affected: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data. Equipment: Intelligent Power Protector (IPP).ATTENTION: Exploitable remotely/low attack complexity.After setting this level we set vSphere shutdown order & ordered on our virtual machines. ![]() usr/local/Eaton/IntelligentPowerprotector/bin/ –server HOST_ESXi –username USUARIO –password XXXXXįor more info use Intelligent Power Protector official guide. We can a script to shut down the hosts that we are interested in / usr / local / Eaton / IntelligentPowerprotector / bin / and recommended specifically created with a user permissions off: ![]() Indicate the UPS, your credentials and indicate a type of off (Shutdown, Hibernate, Power off o Script), In this case I will make a script to turn off 3 hosts simultaneously. If you do not see our UPS will make a scan from: ‘Quick scan’, ‘Range scan’ o ‘Address(is) scan’, once we found we activate from “Set as power source” (This will configure each UPS that we have). Open a browser to the IP address of the appliance vMA using port 4679 (for http) or 4680 (to https) default user 'admin’ and password 'admin'. We got off the web EATON Intelligent Power Protector (currently version 1.10) for Linux & VMware ESX/ESXi (an rpm), we got on the vMA appliance with WinSCP and install it with: We recorded with iptables: service iptables save Sudo iptables -I OUTPUT -p udp –dport 2845 -j ACCEPT Sudo iptables -I OUTPUT -p udp –dport 2844 -j ACCEPT Sudo iptables -I OUTPUT -p udp –dport 200 -j ACCEPT Sudo iptables -I OUTPUT -p udp –dport 161 -j ACCEPT Sudo iptables -I INPUT -p udp –dport 2845 -j ACCEPT Sudo iptables -I INPUT -p udp –dport 2844 -j ACCEPT Sudo iptables -I INPUT -p udp –dport 200 -j ACCEPT Sudo iptables -I INPUT -p udp –dport 161 -j ACCEPT Sudo iptables -I INPUT -p udp –dport 4680 -j ACCEPTĪlso allow communication between IPP and UPS connection adapters (BD/X-Slot/PXGX2000): Sudo iptables -I INPUT -p udp –dport 4679 -j ACCEPT Sudo iptables -I INPUT -p tcp –dport 4680 -j ACCEPT Sudo iptables -I INPUT -p tcp –dport 4679 -j ACCEPT Sudo iptables -I OUTPUT -p tcp –dport 5000 -j ACCEPT Sudo iptables -I OUTPUT -p tcp –dport 80 -j ACCEPT The first, It should be open ports 4679tcp, 4679udp, 4680tcp, 4680udp, 80tcp and 5000tcp to allow traffic to IPP running the vMA: The need for it previously to have an appliance VMware vMA, donde instalaremos Intelligent Power Protector (IPP) and he will be in charge of sending off ordered our hosts ESXi. In this document we will see a simple way how to configure a shutdown in our virtual infrastructure VMware vSphere if you have a UPS manufacturer EATON.
0 Comments
Leave a Reply. |