9.8
CVE-2023-3259
- EPSS 0.15%
- Veröffentlicht 14.08.2023 04:15:10
- Zuletzt bearbeitet 21.11.2024 08:16:48
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
LoginThe Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dataprobe ≫ Iboot-pdu4a-c10 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4a-c20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4a-n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4a-n20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4-c20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4-n20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4sa-c10 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4sa-c20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4sa-n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu4sa-n20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-2c10 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-2c20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-2n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-2n20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-c10 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-c20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8a-n20 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8sa-2n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8sa-c10 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8sa-n15 Firmware Version < 1.44.0804202
Dataprobe ≫ Iboot-pdu8sa-n20 Firmware Version < 1.44.0804202
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.367 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| trellixpsirt@trellix.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.