Multiple flaws in CyberPower and Dataprobe products put data centers at risk.

Multiple security vulnerabilities affecting CyberPower’s PowerPanel Enterprise data center infrastructure management (DCIM) platform and Dataprobe’s iBoot power distribution unit (PDU) could potentially be exploited to gain unauthenticated access to these systems and cause catastrophic damage in target environments.

The nine vulnerabilities, ranging from CVE-2023-3259 to CVE-2023-3267, carry severity scores ranging from 6.7 to 9.8. They could allow threat actors to shut down entire data centers, steal data, or compromise data center deployments in order to launch large-scale attacks.

“An attacker could chain these vulnerabilities together to gain complete access to these systems,” Trellix security researchers Sam Quinn, Jesse Chick and Philippe Laulheret said in a report shared.

“In addition, both products are vulnerable to remote code injection that can be used to create a backdoor or entry point into a wider network of connected data center devices and enterprise systems.”

The findings were presented today at the DEF CON security conference. There is no evidence that these flaws were abused in the wild. The vulnerabilities, which have been addressed in version 2.6.9 of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware, are listed below.

Dataprobe iBoot PDU –

  • CVE-2023-3259 (CVSS score: 9.8) – Deserialization of untrusted data, causing authentication to be bypassed
  • CVE-2023-3260 (CVSS score: 7.2) – OS command injection, leading to authenticated remote code execution
  • CVE-2023-3261 (CVSS score: 7.5) – Buffer overflow, causing denial of service (DoS)
  • CVE-2023-3262 (CVSS score: 6.7) – Use of hard-coded credentials
  • CVE-2023-3263 (CVSS score: 7.5) – Authentication bypass by alternate name

CyberPower PowerPanel Enterprise –

  • CVE-2023-3264 (CVSS score: 6.7) – Use of hard-coded credentials
  • CVE-2023-3265 (CVSS score: 7.2) – Improper neutralization of escape, meta, or control sequences, causing authentication to be bypassed
  • CVE-2023-3266 (CVSS score: 7.5) – Improperly implemented security check for standard, causing validation to be bypassed
  • CVE-2023-3267 (CVSS score: 7.5) – OS command injection, leading to authenticated remote code execution

Successful exploitation of the aforementioned flaws could impact critical infrastructure deployments that rely on data centers, resulting in shutdowns with a “flip of a switch,” and could be used to conduct widespread ransomware, DDoS or wiper attacks, or cyber espionage.

“A vulnerability on a single data center management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further,” the researchers said.
