Multiple security vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments.
The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry severity scores ranging from 6.7 to 9.8, enabling threat actors to shut down entire data centers and compromise data center deployments to steal data or launch massive attacks at a massive scale.
“An attacker could chain these vulnerabilities together to gain full access to these systems,” Trellix security researchers Sam Quinn, Jesse Chick, and Philippe Laulheret said in a report shared with The Hacker News.
“Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems.”
The findings were presented at the DEFCON security conference today. There is no evidence that these shortcomings were…
