Two widely used data center solutions, CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU), have been found to have significant security vulnerabilities by researchers.
By exploiting these vulnerabilities consecutively, an attacker could obtain complete control over these systems, giving them the ability to cause significant harm. Trellix researchers have noted that both products are susceptible to remote code injection, which could potentially enable the creation of a backdoor or serve as an entry point to the larger network of connected data center devices and enterprise systems.
By infosecbulletin
/ Tuesday , September 10 2024
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has...
Read More
By infosecbulletin
/ Monday , September 9 2024
Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands...
Read More
By infosecbulletin
/ Sunday , September 8 2024
Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which...
Read More
By infosecbulletin
/ Thursday , September 5 2024
CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers...
Read More
By infosecbulletin
/ Wednesday , September 4 2024
OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS...
Read More
By infosecbulletin
/ Wednesday , September 4 2024
Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions....
Read More
By infosecbulletin
/ Tuesday , September 3 2024
VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million)...
Read More
By infosecbulletin
/ Tuesday , September 3 2024
US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data...
Read More
ALSO READ:
TeamTNT Using NVIDIA Drivers to Mine Cryptocurrency
CyberPower’s PowerPanel Enterprise DCIM has been discovered to have multiple vulnerabilities, including three authentication bypass flaws (CVE-2023-3264, CVE-2023-3265, CVE-2023-3266) and an OS command injection bug that makes it susceptible to authenticated Remote Code Execution (RCE) (CVE-2023-3267).
There are several vulnerabilities in the Dataprobe iBoot PDU that can be exploited in various ways. These vulnerabilities include the ability to bypass authentication (CVE-2023-3259, CVE-2023-3263), execute authenticated remote code via OS command injection (CVE-2023-3260), cause a denial of service (CVE-2023-3261), and manipulate the internal Postgres database (CVE-2023-3262).
This year’s DEF CON researchers have revealed further information.
CyberPower and Dataprobe have both recently launched updates addressing these vulnerabilities. We strongly recommend that customers update to version 2.6.9 of the PowerPanel Enterprise software and install the latest 1.44.08042023 version of the Dataprobe iBoot PDU firmware.