CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
71.2%
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Vendor | Product | Version | CPE |
---|---|---|---|
cyberpower | powerpanel_server | * | cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:* |
dataprobe | iboot-pdu4a-c10_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c10 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-c20 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n15_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n15 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4a-n20 | - | cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* |
dataprobe | iboot-pdu4-c20_firmware | * | cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
71.2%