CVE-2023-3259

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information

*Credits: Philippe Laulheret

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-06-15 CVE Reserved
2023-08-14 CVE Published
2024-08-20 EPSS Updated
2024-10-09 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

CAPEC-233: Privilege Escalation

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html	2023-08-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-c10 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-c10 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4a-c10 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-c10 Search vendor "Dataprobe" for product "Iboot-pdu4a-c10"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-c20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-c20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4a-c20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-c20 Search vendor "Dataprobe" for product "Iboot-pdu4a-c20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4a-n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-n15 Search vendor "Dataprobe" for product "Iboot-pdu4a-n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4a-n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4a-n20 Search vendor "Dataprobe" for product "Iboot-pdu4a-n20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4-c20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4-c20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4-c20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4-c20 Search vendor "Dataprobe" for product "Iboot-pdu4-c20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4-n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4-n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4-n20 Search vendor "Dataprobe" for product "Iboot-pdu4-n20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-c10 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-c10 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4sa-c10 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-c10 Search vendor "Dataprobe" for product "Iboot-pdu4sa-c10"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-c20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-c20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4sa-c20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-c20 Search vendor "Dataprobe" for product "Iboot-pdu4sa-c20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-n15 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu4sa-n20 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2c10 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2c10 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-2c10 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2c10 Search vendor "Dataprobe" for product "Iboot-pdu8a-2c10"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2c20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2c20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-2c20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2c20 Search vendor "Dataprobe" for product "Iboot-pdu8a-2c20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2n15 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-2n20 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-c10 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-c10 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-c10 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-c10 Search vendor "Dataprobe" for product "Iboot-pdu8a-c10"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-c20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-c20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-c20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-c20 Search vendor "Dataprobe" for product "Iboot-pdu8a-c20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-n15 Search vendor "Dataprobe" for product "Iboot-pdu8a-n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8a-n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8a-n20 Search vendor "Dataprobe" for product "Iboot-pdu8a-n20"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-2n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-2n15 Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-c10 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-c10 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8sa-c10 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-c10 Search vendor "Dataprobe" for product "Iboot-pdu8sa-c10"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-n15 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15"	-	-	Safe
Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20 Firmware"	< 1.44.0804202 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20 Firmware" and version " < 1.44.0804202"	-	Affected	in	Dataprobe Search vendor "Dataprobe"	Iboot-pdu8sa-n20 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20"	-	-	Safe