Major vulnerabilities discovered in data center solutions
2023-08-14 10:02

Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower's PowerPanel Enterprise Data Center Infrastructure Management platform and Dataprobe's iBoot Power Distribution Unit.

"An attacker could chain these vulnerabilities together to gain full access to these systems - which alone could be leveraged to commit substantial damage. Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems," Trellix researchers noted.

The vulnerabilities found in CyberPower's PowerPanel Enterprise DCIM include three authentication bypass flaws and an OS command injection bug that could lead to authenticated RCE. The vulnerabilities in Dataprobe's iBoot PDU could be exploited to bypass authentication, achieve authenticated RCE via OS command injection, trigger DoS, and tamper with the internal Postgres database.

By leveraging these vulnerabilities, threat actors can compromise data centers in numerous ways and with different goals in mind.

"A vulnerability on a single data center management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further," the researchers said.

"We are fortunate enough to have caught these vulnerabilities early - without having discovered any malicious uses in the wild of these exploits."


News URL

https://www.helpnetsecurity.com/2023/08/14/vulnerabilities-data-center-solutions/