CVE-2023-3260

CVSS V2 None CVSS V3 None
Description
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Overview
  • CVE ID
  • CVE-2023-3260
  • Assigner
  • trellixpsirt@trellix.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-08-14T04:15:10
  • Last Modified Date
  • 2023-08-25T05:15:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:* 1 OR 2.6.9
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2023-09-06 03:41:05 Added to TrackCVE
2023-09-06 03:41:07 Weakness Enumeration new