Vulnerability Details : CVE-2023-3259
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
Products affected by CVE-2023-3259
- cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3259
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3259
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Trellix |
CWE ids for CVE-2023-3259
-
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.Assigned by:
- nvd@nist.gov (Primary)
- trellixpsirt@trellix.com (Secondary)
References for CVE-2023-3259
-
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the PowerVendor Advisory
Jump to