CVE-2023-3263

EPSS 0.07%
Veröffentlicht 14.08.2023 05:15:09
Zuletzt bearbeitet 21.11.2024 08:16:49
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dataprobe ≫ Iboot-pdu4a-c10 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4a-c10 Version-

Dataprobe ≫ Iboot-pdu4a-c20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4a-c20 Version-

Dataprobe ≫ Iboot-pdu4a-n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4a-n15 Version-

Dataprobe ≫ Iboot-pdu4a-n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4a-n20 Version-

Dataprobe ≫ Iboot-pdu4-c20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4-c20 Version-

Dataprobe ≫ Iboot-pdu4-n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4-n20 Version-

Dataprobe ≫ Iboot-pdu4sa-c10 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4sa-c10 Version-

Dataprobe ≫ Iboot-pdu4sa-c20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4sa-c20 Version-

Dataprobe ≫ Iboot-pdu4sa-n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4sa-n15 Version-

Dataprobe ≫ Iboot-pdu4sa-n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu4sa-n20 Version-

Dataprobe ≫ Iboot-pdu8a-2c10 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-2c10 Version-

Dataprobe ≫ Iboot-pdu8a-2c20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-2c20 Version-

Dataprobe ≫ Iboot-pdu8a-2n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-2n15 Version-

Dataprobe ≫ Iboot-pdu8a-2n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-2n20 Version-

Dataprobe ≫ Iboot-pdu8a-c10 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-c10 Version-

Dataprobe ≫ Iboot-pdu8a-c20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-c20 Version-

Dataprobe ≫ Iboot-pdu8a-n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-n15 Version-

Dataprobe ≫ Iboot-pdu8a-n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8a-n20 Version-

Dataprobe ≫ Iboot-pdu8sa-2n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8sa-2n15 Version-

Dataprobe ≫ Iboot-pdu8sa-c10 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8sa-c10 Version-

Dataprobe ≫ Iboot-pdu8sa-n15 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8sa-n15 Version-

Dataprobe ≫ Iboot-pdu8sa-n20 Firmware Version < 1.44.0804202

Dataprobe ≫ Iboot-pdu8sa-n20 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.225

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
trellixpsirt@trellix.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-289 Authentication Bypass by Alternate Name

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3263

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3263