Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.

Related CPE's

o

dataprobe

iboot-pdu4a-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-c10

-

o

dataprobe

iboot-pdu4a-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-c20

-

o

dataprobe

iboot-pdu4a-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-n15

-

o

dataprobe

iboot-pdu4a-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4a-n20

-

o

dataprobe

iboot-pdu4-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4-c20

-

o

dataprobe

iboot-pdu4-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4-n20

-

o

dataprobe

iboot-pdu4sa-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-c10

-

o

dataprobe

iboot-pdu4sa-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-c20

-

o

dataprobe

iboot-pdu4sa-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-n15

-

o

dataprobe

iboot-pdu4sa-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu4sa-n20

-

o

dataprobe

iboot-pdu8a-2c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2c10

-

o

dataprobe

iboot-pdu8a-2c20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2c20

-

o

dataprobe

iboot-pdu8a-2n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2n15

-

o

dataprobe

iboot-pdu8a-2n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-2n20

-

o

dataprobe

iboot-pdu8a-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-c10

-

o

dataprobe

iboot-pdu8a-c20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-c20

-

o

dataprobe

iboot-pdu8a-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-n15

-

o

dataprobe

iboot-pdu8a-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8a-n20

-

o

dataprobe

iboot-pdu8sa-2n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-2n15

-

o

dataprobe

iboot-pdu8sa-c10_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-c10

-

o

dataprobe

iboot-pdu8sa-n15_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-n15

-

o

dataprobe

iboot-pdu8sa-n20_firmware

Vulnerable

h

dataprobe

iboot-pdu8sa-n20

-

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Vendor Advisory

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-289

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-14T03:15:09.833Z

2 years ago

Last modified

2024-11-21T07:16:49.587Z

1 year ago