Sunday , October 6 2024

Major vulnerabilities discovered in data center solutions

infosecbulletin Sunday , August 20 2023 National

Two widely used data center solutions, CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU), have been found to have significant security vulnerabilities by researchers.

By exploiting these vulnerabilities consecutively, an attacker could obtain complete control over these systems, giving them the ability to cause significant harm. Trellix researchers have noted that both products are susceptible to remote code injection, which could potentially enable the creation of a backdoor or serve as an entry point to the larger network of connected data center devices and enterprise systems.

First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report

By infosecbulletin / Saturday , October 5 2024
National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational...
Read More
First Half Of 2024 Report Bangladeshi 32.4% government websites face cyber attack: NAS report

Prince Ransomware Hits UK and US

By infosecbulletin / Saturday , October 5 2024
A new ransomware campaign is targeting individuals and organizations in the UK and US. The "Prince Ransomware" attack uses a...
Read More
Prince Ransomware Hits UK and US

CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

By infosecbulletin / Friday , October 4 2024
CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM)....
Read More
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

A summary of “2024 State of Cybersecurity survey” by ISACA

By infosecbulletin / Friday , October 4 2024
ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago....
Read More
A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress

By infosecbulletin / Friday , October 4 2024
A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of...
Read More
ISACA reveals 64% of Australian cybersecurity professionals feel increasing stress

Researchers detected 31 new Malware in September

By infosecbulletin / Friday , October 4 2024
In September, cybersecurity experts discovered 31 new ransomware variants that threaten individuals and businesses. These programs encrypt valuable data, making...
Read More
Researchers detected 31 new Malware in September

CRI Release New Ransomware Response Guidance

By infosecbulletin / Thursday , October 3 2024
New guidance on ransomware, released during this week's International Counter Ransomware Initiative (CRI) meeting, encourages victims to report attacks to...
Read More
CRI Release New Ransomware Response Guidance

ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws

By infosecbulletin / Thursday , October 3 2024
Over 14 new security flaws have been found in DrayTek routers for homes and businesses, which could allow attackers to...
Read More
ALERT Over 700,000 Routers Vulnerable to Hack for 14 security flaws

Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching

By infosecbulletin / Wednesday , October 2 2024
Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted...
Read More
Patch it now! Critical Zimbra RCE flaw exploited: Needs Immediate Patching

CISA Warns
Network switch RCE flaw impacts critical infrastructure

By infosecbulletin / Wednesday , October 2 2024
CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code...
Read More
CISA Warns Network switch RCE flaw impacts critical infrastructure

ALSO READ:

TeamTNT Using NVIDIA Drivers to Mine Cryptocurrency

CyberPower’s PowerPanel Enterprise DCIM has been discovered to have multiple vulnerabilities, including three authentication bypass flaws (CVE-2023-3264, CVE-2023-3265, CVE-2023-3266) and an OS command injection bug that makes it susceptible to authenticated Remote Code Execution (RCE) (CVE-2023-3267).

There are several vulnerabilities in the Dataprobe iBoot PDU that can be exploited in various ways. These vulnerabilities include the ability to bypass authentication (CVE-2023-3259, CVE-2023-3263), execute authenticated remote code via OS command injection (CVE-2023-3260), cause a denial of service (CVE-2023-3261), and manipulate the internal Postgres database (CVE-2023-3262).

This year’s DEF CON researchers have revealed further information.

CyberPower and Dataprobe have both recently launched updates addressing these vulnerabilities. We strongly recommend that customers update to version 2.6.9 of the PowerPanel Enterprise software and install the latest 1.44.08042023 version of the Dataprobe iBoot PDU firmware.

Check Also

CISCO

Registration for the Cisco IoT Hackathon is now open

The Cisco IoT Hackathon 2024 aims to engage students in IoT projects and research. It …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin