CVE-2023-3264

CVSS V2 None CVSS V3 None

Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Overview

CVE ID
CVE-2023-3264

Assigner
trellixpsirt@trellix.com

Vulnerability Status
Modified

Published Version
2023-08-14T05:15:09

Last Modified Date
2023-08-25T06:15:10

Weakness Enumerations

CWE	URL
CWE-798	http://cwe.mitre.org/data/definitions/798.html
CWE-798	http://cwe.mitre.org/data/definitions/798.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:cyberpower:powerpanel_server:::::enterprise:::*	1	OR	2.6.9
		AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:::::::*	0	OR
		AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware::::::::	1	OR	1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3264
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3264

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:41:25				Added to TrackCVE
2023-09-06 03:41:27			Weakness Enumeration	new