Lucene search

[email protected]NVD:CVE-2023-3264

HistoryAug 14, 2023 - 5:15 a.m.

CVE-2023-3264

2023-08-1405:15:09

CWE-798

[email protected]

web.nvd.nist.gov

dataprobe iboot pdu

hard-coded credentials

postgres database

firmware vulnerability

operating system commands

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

71.2%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

Affected configurations

Nvd

Node

cyberpowerpowerpanel_serverRange<2.6.9enterprise

Node

dataprobeiboot-pdu4a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c10Match-

Node

dataprobeiboot-pdu4a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-c20Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu4-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-c20Match-

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c10Match-

Node

dataprobeiboot-pdu4sa-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-c20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu8a-2c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c10Match-

Node

dataprobeiboot-pdu8a-2c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2c20Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-2n20Match-

Node

dataprobeiboot-pdu8a-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c10Match-

Node

dataprobeiboot-pdu8a-c20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-c20Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8sa-c10_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-c10Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.44.0804202

AND

dataprobeiboot-pdu8sa-n20Match-

VendorProductVersionCPE
cyberpowerpowerpanel_server*cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*
dataprobeiboot-pdu4a-c10_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c10-cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-c20-cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n15_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n15-cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*
dataprobeiboot-pdu4a-n20-cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*
dataprobeiboot-pdu4-c20_firmware*cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cyberpower	powerpanel_server	*	cpe:2.3:a:cyberpower:powerpanel_server:::::enterprise:::*
dataprobe	iboot-pdu4a-c10_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware::::::::
dataprobe	iboot-pdu4a-c10	-	cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:::::::*
dataprobe	iboot-pdu4a-c20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware::::::::
dataprobe	iboot-pdu4a-c20	-	cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:::::::*
dataprobe	iboot-pdu4a-n15_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware::::::::
dataprobe	iboot-pdu4a-n15	-	cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:::::::*
dataprobe	iboot-pdu4a-n20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware::::::::
dataprobe	iboot-pdu4a-n20	-	cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:::::::*
dataprobe	iboot-pdu4-c20_firmware	*	cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware::::::::