Lucene search

TrellixCVE-2023-3261

HistoryAug 14, 2023 - 4:15 a.m.

CVE-2023-3261

2023-08-1404:15:10

CWE-78

CWE-119

trellix

web.nvd.nist.gov

dataprobe iboot pdu

firmware

buffer overflow

vulnerability

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.

Affected configurations

Nvd

Node

cyberpowerpowerpanel_serverRange<2.6.9enterprise

Node

dataprobeiboot-pdu4a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c10Match-

Node

dataprobeiboot-pdu4a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c20Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu4-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-c20Match-

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c10Match-

Node

dataprobeiboot-pdu4sa-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu8a-2c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c10Match-

Node

dataprobeiboot-pdu8a-2c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c20Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n20Match-

Node

dataprobeiboot-pdu8a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c10Match-

Node

dataprobeiboot-pdu8a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c20Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-c10Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n20Match-

VendorProductVersionCPE
cyberpowerpowerpanel_server*cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*
dataprobeiboot-pdu4a-c10_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c10-cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c20-cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n15_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n15-cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n20-cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4-c20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cyberpower	powerpanel_server	*	cpe:2.3:a:cyberpower:powerpanel_server:::::enterprise:::*
dataprobe	iboot-pdu4a-c10_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware::::::::
dataprobe	iboot-pdu4a-c10	-	cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:::::::*
dataprobe	iboot-pdu4a-c20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware::::::::
dataprobe	iboot-pdu4a-c20	-	cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:::::::*
dataprobe	iboot-pdu4a-n15_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware::::::::
dataprobe	iboot-pdu4a-n15	-	cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:::::::*
dataprobe	iboot-pdu4a-n20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware::::::::
dataprobe	iboot-pdu4a-n20	-	cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:::::::*
dataprobe	iboot-pdu4-c20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware::::::::

Rows per page:

1-10 of 451

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "iBoot PDU",
    "vendor": "Dataprobe",
    "versions": [
      {
        "lessThanOrEqual": "<= 1.43.03312023",
        "status": "affected",
        "version": "1.43.03312023",
        "versionType": "custom"
      }
    ]
  }
]

References

www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Related for CVE-2023-3261