Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Related CPE's

o

dataprobe

iboot-pdu4a-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-c10

-

o

dataprobe

iboot-pdu4a-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-c20

-

o

dataprobe

iboot-pdu4a-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-n15

-

o

dataprobe

iboot-pdu4a-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-n20

-

o

dataprobe

iboot-pdu4-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4-c20

-

o

dataprobe

iboot-pdu4-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4-n20

-

o

dataprobe

iboot-pdu4sa-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-c10

-

o

dataprobe

iboot-pdu4sa-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-c20

-

o

dataprobe

iboot-pdu4sa-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-n15

-

o

dataprobe

iboot-pdu4sa-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-n20

-

o

dataprobe

iboot-pdu8a-2c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2c10

-

o

dataprobe

iboot-pdu8a-2c20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2c20

-

o

dataprobe

iboot-pdu8a-2n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2n15

-

o

dataprobe

iboot-pdu8a-2n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2n20

-

o

dataprobe

iboot-pdu8a-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-c10

-

o

dataprobe

iboot-pdu8a-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-c20

-

o

dataprobe

iboot-pdu8a-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-n15

-

o

dataprobe

iboot-pdu8a-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-n20

-

o

dataprobe

iboot-pdu8sa-2n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-2n15

-

o

dataprobe

iboot-pdu8sa-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-c10

-

o

dataprobe

iboot-pdu8sa-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-n15

-

o

dataprobe

iboot-pdu8sa-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-n20

-

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-798

[email protected]

Secondary
CWE-798

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-14T04:15:11.043

11 months ago

Last modified

2023-08-25T06:15:09.797

11 months ago