Monday, August 14, 2023
HomeCyber SecurityA number of Flaws in CyberPower and Dataprobe Merchandise Put Knowledge Facilities...

A number of Flaws in CyberPower and Dataprobe Merchandise Put Knowledge Facilities at Threat


Aug 12, 2023THNServer Safety / Cyber Menace

A number of safety vulnerabilities impacting CyberPower’s PowerPanel Enterprise Knowledge Heart Infrastructure Administration (DCIM) platform and Dataprobe’s iBoot Energy Distribution Unit (PDU) could possibly be doubtlessly exploited to achieve unauthenticated entry to those methods and inflict catastrophic harm in goal environments.

The 9 vulnerabilities, from CVE-2023-3259 via CVE-2023-3267, carry severity scores starting from 6.7 to 9.8, enabling menace actors to close down total knowledge facilities and compromise knowledge middle deployments to steal knowledge or launch huge assaults at a large scale.

“An attacker might chain these vulnerabilities collectively to achieve full entry to those methods,” Trellix safety researchers Sam Quinn, Jesse Chick, and Philippe Laulheret stated in a report shared with The Hacker Information.

“Moreover, each merchandise are susceptible to distant code injection that could possibly be leveraged to create a backdoor or an entry level to the broader community of linked knowledge middle gadgets and enterprise methods.”

Cybersecurity

The findings had been introduced on the DEF CON safety convention as we speak. There isn’t any proof that these shortcomings had been abused within the wild. The listing of flaws, which have been addressed in model 2.6.9 of PowerPanel Enterprise software program and model 1.44.08042023 of the Dataprobe iBoot PDU firmware, is beneath –

Dataprobe iBoot PDU –

  • CVE-2023-3259 (CVSS rating: 9.8) – Deserialization of untrusted knowledge, resulting in authentication bypass
  • CVE-2023-3260 (CVSS rating: 7.2) – OS command injection, resulting in authenticated distant code execution
  • CVE-2023-3261 (CVSS rating: 7.5) – Buffer overflow, resulting in denial-of-service (DoS)
  • CVE-2023-3262 (CVSS rating: 6.7) – Use of hard-coded credentials
  • CVE-2023-3263 (CVSS rating: 7.5) – Authentication bypass by alternate identify

CyberPower PowerPanel Enterprise –

  • CVE-2023-3264 (CVSS rating: 6.7) – Use of hard-coded credentials
  • CVE-2023-3265 (CVSS rating: 7.2) – Improper neutralization of escape, meta, or management sequences, resulting in authentication bypass
  • CVE-2023-3266 (CVSS rating: 7.5) – Improperly Carried out Safety Test for Normal, resulting in authentication bypass
  • CVE-2023-3267 (CVSS rating: 7.5) – OS command injection, resulting in authenticated distant code execution

Profitable exploitation of the aforementioned flaws might affect important infrastructure deployments that depend on knowledge facilities, leading to shutdowns with a “flip of a swap,” conduct widespread ransomware, DDoS or wiper assaults, or conduct cyber espionage.

“A vulnerability on a single knowledge middle administration platform or system can shortly lead to a whole compromise of the inner community and provides menace actors a foothold to assault any linked cloud infrastructure additional,” the researchers stated.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.





Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments