Lucene search

[email protected]NVD:CVE-2023-3261

HistoryAug 14, 2023 - 4:15 a.m.

CVE-2023-3261

2023-08-1404:15:10

CWE-119

CWE-78

[email protected]

web.nvd.nist.gov

dataprobe iboot pdu

firmware buffer overflow

cve-2023-3261

denial of service

web server_interaction

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.6%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.

Affected configurations

NVD

Node

cyberpowerpowerpanel_serverRange<2.6.9enterprise

Node

dataprobeiboot-pdu4a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c10Match-

Node

dataprobeiboot-pdu4a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c20Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu4-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-c20Match-

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c10Match-

Node

dataprobeiboot-pdu4sa-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu8a-2c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c10Match-

Node

dataprobeiboot-pdu8a-2c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c20Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n20Match-

Node

dataprobeiboot-pdu8a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c10Match-

Node

dataprobeiboot-pdu8a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c20Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-c10Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n20Match-

References

www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for NVD:CVE-2023-3261

cve1 prion1 cvelist1 trellix2 thn1