Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments.
The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry severity scores ranging from 6.7 to 9.8, enabling threat actors to shut down entire data centers and compromise data center deployments to steal data or launch massive attacks at scale.
“An attacker could chain these vulnerabilities together to gain full access to these systems,” Trellix security researchers Sam Quinn, Jesse Chick, and Philippe Laulheret said in a report shared with The Hacker News.
“Moreover, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems.”
The findings were presented at the DEF CON security conference today. There is no evidence that these shortcomings were abused in the wild. The list of flaws, which have been addressed in version 2.6.9 of the PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware, is below –
Dataprobe iBoot PDU –
- CVE-2023-3259 (CVSS score: 9.8) – Deserialization of untrusted data, leading to authentication bypass
- CVE-2023-3260 (CVSS score: 7.2) – OS command injection, leading to authenticated remote code execution
- CVE-2023-3261 (CVSS score: 7.5) – Buffer overflow, leading to denial-of-service (DoS)
- CVE-2023-3262 (CVSS score: 6.7) – Use of hard-coded credentials
- CVE-2023-3263 (CVSS score: 7.5) – Authentication bypass by alternate name
CyberPower PowerPanel Enterprise –
- CVE-2023-3264 (CVSS score: 6.7) – Use of hard-coded credentials
- CVE-2023-3265 (CVSS score: 7.2) – Improper neutralization of escape, meta, or control sequences, leading to authentication bypass
- CVE-2023-3266 (CVSS score: 7.5) – Improperly implemented security check for standard, leading to authentication bypass
- CVE-2023-3267 (CVSS score: 7.5) – OS command injection, leading to authenticated remote code execution
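The first thing a defender does with an advisory like this is check an asset inventory against the fixed versions it names. The following is an added example written for this page, not code from Trellix, CyberPower or Dataprobe; it assumes that every dotted version component orders numerically (including the date-like suffix of the iBoot firmware string) and runs over a constructed inventory.

```python
"""Triage an asset inventory against the fixed versions named in this advisory.
Example code written for this page, not from Trellix, CyberPower or Dataprobe.
Assumption: every dotted version component orders numerically; rows are constructed."""
import re

# Fixed versions from the advisory; anything that sorts lower is treated as affected.
FIXED_VERSIONS = {"powerpanel-enterprise": "2.6.9", "iboot-pdu": "1.44.08042023"}

# CVE identifiers from the advisory, grouped by product.
ADVISORY_CVES = {
    "iboot-pdu": ["CVE-2023-3259", "CVE-2023-3260", "CVE-2023-3261",
                  "CVE-2023-3262", "CVE-2023-3263"],
    "powerpanel-enterprise": ["CVE-2023-3264", "CVE-2023-3265",
                              "CVE-2023-3266", "CVE-2023-3267"],
}

def version_key(version):
    """Split '1.44.08042023' into ((1, ''), (44, ''), (8042023, '')) so that
    components compare as integers, not strings ('10' must sort after '9')."""
    key = []
    for piece in version.strip().split("."):
        match = re.fullmatch(r"(\d+)(.*)", piece)
        if match is None:
            raise ValueError(f"unparseable version component: {piece!r}")
        key.append((int(match.group(1)), match.group(2)))
    return tuple(key)

def is_affected(product, version):
    """True when the installed version is older than the advisory's fixed version."""
    return version_key(version) < version_key(FIXED_VERSIONS[product])

def triage(inventory):
    """Return (host, product, version, cves) for each affected row; other products are skipped."""
    findings = []
    for host, product, version in inventory:
        if product in FIXED_VERSIONS and is_affected(product, version):
            findings.append((host, product, version, ADVISORY_CVES[product]))
    return findings

# Constructed sample inventory: (hostname, product, installed version).
SAMPLE_INVENTORY = [
    ("dcim-01.example.test", "powerpanel-enterprise", "2.6.8"),
    ("dcim-02.example.test", "powerpanel-enterprise", "2.6.9"),
    ("pdu-rack7.example.test", "iboot-pdu", "1.43.01152023"),
    ("pdu-rack8.example.test", "iboot-pdu", "1.44.08042023"),
    ("switch-core.example.test", "other-vendor", "9.1"),
]

for host, product, version, cves in triage(SAMPLE_INVENTORY):
    print(f"{host}: {product} {version} affected by {', '.join(cves)}")
```

Confirm the vendor's own ordering of iBoot firmware strings before relying on the numeric comparison of the date-like suffix.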
Successful exploitation of the aforementioned flaws could impact critical infrastructure deployments that rely on data centers, resulting in shutdowns with a “flip of a switch,” and could be used to carry out widespread ransomware, DDoS or wiper attacks, or to conduct cyber espionage.
“A vulnerability on a single data center management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further,” the researchers said.
Some parts of this article are sourced from:
thehackernews.com