Lucene search

[email protected]NVD:CVE-2023-3260

HistoryAug 14, 2023 - 4:15 a.m.

CVE-2023-3260

2023-08-1404:15:10

CWE-78

[email protected]

web.nvd.nist.gov

dataprobe iboot

pdu

command injection

firmware vulnerability

linux operating system

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

Affected configurations

NVD

Node

cyberpowerpowerpanel_serverRange<2.6.9enterprise

Node

dataprobeiboot-pdu4a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c10Match-

Node

dataprobeiboot-pdu4a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c20Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu4-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-c20Match-

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c10Match-

Node

dataprobeiboot-pdu4sa-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu8a-2c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c10Match-

Node

dataprobeiboot-pdu8a-2c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c20Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n20Match-

Node

dataprobeiboot-pdu8a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c10Match-

Node

dataprobeiboot-pdu8a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c20Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-c10Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n20Match-

References

www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

Related for NVD:CVE-2023-3260

cvelist1 prion1 cve1 trellix2 thn1