Lucene search

[email protected]NVD:CVE-2023-3263

HistoryAug 14, 2023 - 5:15 a.m.

CVE-2023-3263

2023-08-1405:15:09

CWE-287

CWE-289

[email protected]

web.nvd.nist.gov

dataprobe iboot pdu

firmware

vulnerability

authentication bypass

rest api

special characters

credentials

exploitation

authorization token

relays

power distribution

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.

Affected configurations

NVD

Node

dataprobeiboot-pdu4a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c10Match-

Node

dataprobeiboot-pdu4a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c20Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu4-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-c20Match-

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c10Match-

Node

dataprobeiboot-pdu4sa-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu8a-2c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c10Match-

Node

dataprobeiboot-pdu8a-2c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c20Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n20Match-

Node

dataprobeiboot-pdu8a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c10Match-

Node

dataprobeiboot-pdu8a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c20Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-c10Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n20Match-

References

www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for NVD:CVE-2023-3263

cvelist1 prion1 cve1 trellix2 thn1