CVE-2023-3263
moderate-risk
Published 2023-08-14
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
Do I need to act?
0.07% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Products (20)
Iboot-Pdu4A-C10 Firmware
Iboot-Pdu4A-C20 Firmware
Iboot-Pdu4A-N15 Firmware
Iboot-Pdu4A-N20 Firmware
Iboot-Pdu4-C20 Firmware
Iboot-Pdu4-N20 Firmware
Iboot-Pdu4Sa-C10 Firmware
Iboot-Pdu4Sa-C20 Firmware
Iboot-Pdu4Sa-N15 Firmware
Iboot-Pdu4Sa-N20 Firmware
Iboot-Pdu8A-2C10 Firmware
Iboot-Pdu8A-2C20 Firmware
Iboot-Pdu8A-2N15 Firmware
Iboot-Pdu8A-2N20 Firmware
Iboot-Pdu8A-C10 Firmware
Iboot-Pdu8A-C20 Firmware
Iboot-Pdu8A-N15 Firmware
Iboot-Pdu8A-N20 Firmware
Iboot-Pdu8Sa-2N15 Firmware
Iboot-Pdu8Sa-C10 Firmware
Affected Vendors
References (2)
46 / 100
moderate-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
20/34 · Moderate