Thursday , November 14 2024

Major vulnerabilities discovered in data center solutions

infosecbulletin Sunday , August 20 2023 National

Two widely used data center solutions, CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU), have been found to have significant security vulnerabilities by researchers.

By exploiting these vulnerabilities consecutively, an attacker could obtain complete control over these systems, giving them the ability to cause significant harm. Trellix researchers have noted that both products are susceptible to remote code injection, which could potentially enable the creation of a backdoor or serve as an entry point to the larger network of connected data center devices and enterprise systems.

Bitdefender releases free decryptor for ShrinkLocker ransomware

By infosecbulletin / Thursday , November 14 2024
Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware....
Read More
Bitdefender releases free decryptor for ShrinkLocker ransomware

Fortinet releases updates for Various Products

By infosecbulletin / Wednesday , November 13 2024
Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take...
Read More
Fortinet releases updates for Various Products

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

By infosecbulletin / Wednesday , November 13 2024
Microsoft's latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited....
Read More
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

By infosecbulletin / Monday , November 11 2024
On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

By infosecbulletin / Monday , November 11 2024
A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

By infosecbulletin / Monday , November 11 2024
Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

By infosecbulletin / Sunday , November 10 2024
Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

By infosecbulletin / Saturday , November 9 2024
Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

By infosecbulletin / Friday , November 8 2024
The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

By infosecbulletin / Friday , November 8 2024
CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

ALSO READ:

TeamTNT Using NVIDIA Drivers to Mine Cryptocurrency

CyberPower’s PowerPanel Enterprise DCIM has been discovered to have multiple vulnerabilities, including three authentication bypass flaws (CVE-2023-3264, CVE-2023-3265, CVE-2023-3266) and an OS command injection bug that makes it susceptible to authenticated Remote Code Execution (RCE) (CVE-2023-3267).

There are several vulnerabilities in the Dataprobe iBoot PDU that can be exploited in various ways. These vulnerabilities include the ability to bypass authentication (CVE-2023-3259, CVE-2023-3263), execute authenticated remote code via OS command injection (CVE-2023-3260), cause a denial of service (CVE-2023-3261), and manipulate the internal Postgres database (CVE-2023-3262).

This year’s DEF CON researchers have revealed further information.

CyberPower and Dataprobe have both recently launched updates addressing these vulnerabilities. We strongly recommend that customers update to version 2.6.9 of the PowerPanel Enterprise software and install the latest 1.44.08042023 version of the Dataprobe iBoot PDU firmware.

Check Also

ransomhub

RansomHub Targets Bangladeshi Confidence Group

RansomHub targets Bangladeshi Confidence group of companies limited. The rapidly growing RansomHub ransomware group set …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin