The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
References
Link | Resource |
---|---|
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
Configuration 21 (hide)
AND |
|
Configuration 22 (hide)
AND |
|
History
22 Aug 2023, 16:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CWE | CWE-798 | |
References | (MISC) https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html - Vendor Advisory | |
First Time |
Dataprobe iboot-pdu8a-n15 Firmware
Dataprobe iboot-pdu8a-2n20 Firmware Dataprobe iboot-pdu4sa-n20 Dataprobe iboot-pdu8a-2c20 Firmware Dataprobe iboot-pdu4sa-c10 Firmware Dataprobe iboot-pdu4a-c10 Dataprobe iboot-pdu8a-2c10 Firmware Dataprobe iboot-pdu4sa-n20 Firmware Dataprobe iboot-pdu4sa-c10 Dataprobe iboot-pdu8a-2n20 Dataprobe iboot-pdu8a-n20 Dataprobe iboot-pdu4sa-c20 Dataprobe iboot-pdu4a-n15 Firmware Dataprobe iboot-pdu8a-n20 Firmware Dataprobe iboot-pdu8sa-n20 Dataprobe iboot-pdu8sa-2n15 Firmware Dataprobe iboot-pdu8sa-n15 Firmware Dataprobe iboot-pdu4sa-c20 Firmware Dataprobe iboot-pdu4a-c20 Firmware Dataprobe iboot-pdu4sa-n15 Dataprobe Dataprobe iboot-pdu8a-2c20 Dataprobe iboot-pdu8sa-c10 Firmware Dataprobe iboot-pdu8a-c10 Dataprobe iboot-pdu8sa-2n15 Dataprobe iboot-pdu8sa-n15 Dataprobe iboot-pdu8a-c10 Firmware Dataprobe iboot-pdu8sa-c10 Dataprobe iboot-pdu8a-2n15 Dataprobe iboot-pdu8sa-n20 Firmware Dataprobe iboot-pdu4a-n20 Dataprobe iboot-pdu8a-c20 Firmware Dataprobe iboot-pdu8a-c20 Dataprobe iboot-pdu8a-2n15 Firmware Dataprobe iboot-pdu8a-2c10 Dataprobe iboot-pdu4a-n15 Dataprobe iboot-pdu4-c20 Dataprobe iboot-pdu4a-n20 Firmware Dataprobe iboot-pdu4-n20 Dataprobe iboot-pdu4sa-n15 Firmware Dataprobe iboot-pdu4a-c20 Dataprobe iboot-pdu4-c20 Firmware Dataprobe iboot-pdu8a-n15 Dataprobe iboot-pdu4-n20 Firmware Dataprobe iboot-pdu4a-c10 Firmware |
14 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 04:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-3262
Mitre link : CVE-2023-3262
CVE.ORG link : CVE-2023-3262
JSON object : View
Products Affected
dataprobe
- iboot-pdu4a-c20_firmware
- iboot-pdu8sa-n15
- iboot-pdu8a-2n20
- iboot-pdu8a-n20
- iboot-pdu4a-n15
- iboot-pdu4sa-n15_firmware
- iboot-pdu8a-n15
- iboot-pdu8a-c20_firmware
- iboot-pdu8sa-c10
- iboot-pdu8sa-n20_firmware
- iboot-pdu4sa-c10
- iboot-pdu4sa-n20
- iboot-pdu4a-c10
- iboot-pdu4sa-n15
- iboot-pdu8a-2c20
- iboot-pdu8sa-c10_firmware
- iboot-pdu4a-c10_firmware
- iboot-pdu4a-n15_firmware
- iboot-pdu8a-n15_firmware
- iboot-pdu8a-2c10_firmware
- iboot-pdu4sa-n20_firmware
- iboot-pdu4sa-c10_firmware
- iboot-pdu8a-c20
- iboot-pdu8sa-2n15_firmware
- iboot-pdu8a-2n15
- iboot-pdu4a-n20_firmware
- iboot-pdu4-n20
- iboot-pdu4a-n20
- iboot-pdu8sa-2n15
- iboot-pdu4a-c20
- iboot-pdu8a-n20_firmware
- iboot-pdu8a-2c10
- iboot-pdu8sa-n15_firmware
- iboot-pdu4-c20
- iboot-pdu8a-2n20_firmware
- iboot-pdu4sa-c20
- iboot-pdu4-c20_firmware
- iboot-pdu8a-2c20_firmware
- iboot-pdu4-n20_firmware
- iboot-pdu8a-2n15_firmware
- iboot-pdu8a-c10
- iboot-pdu4sa-c20_firmware
- iboot-pdu8a-c10_firmware
- iboot-pdu8sa-n20
CWE
CWE-798
Use of Hard-coded Credentials