CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.7%
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name
URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Vendor | Product | Version | CPE |
---|---|---|---|
cyberpower | powerpanel_server | * | cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:* |
dataprobe | iboot-pdu4a-c10_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c10 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c20 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n15_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n15 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n20 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4-c20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.7%