CVE-2023-3264

CVSS V2 None CVSS V3 None
Description
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Overview
  • CVE ID
  • CVE-2023-3264
  • Assigner
  • trellixpsirt@trellix.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-08-14T05:15:09
  • Last Modified Date
  • 2023-08-25T06:15:10
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:* 1 OR 2.6.9
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:* 1 OR 1.44.0804202
cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2023-09-06 03:41:25 Added to TrackCVE
2023-09-06 03:41:27 Weakness Enumeration new