CVE-2023-3259

CRITICAL

Dataprobe Iboot-pdu4a-c10 Firmware - Insecure Deserialization

Title source: rule

Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information

References (1)

[Vendor Advisory] https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

Scores

CVSS v3 9.8

EPSS 0.0015

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (22)

dataprobe/iboot-pdu4a-c10_firmware < 1.44.0804202

dataprobe/iboot-pdu4a-c20_firmware < 1.44.0804202

dataprobe/iboot-pdu4a-n15_firmware < 1.44.0804202

dataprobe/iboot-pdu4a-n20_firmware < 1.44.0804202

dataprobe/iboot-pdu4-c20_firmware < 1.44.0804202

dataprobe/iboot-pdu4-n20_firmware < 1.44.0804202

dataprobe/iboot-pdu4sa-c10_firmware < 1.44.0804202

dataprobe/iboot-pdu4sa-c20_firmware < 1.44.0804202

dataprobe/iboot-pdu4sa-n15_firmware < 1.44.0804202

dataprobe/iboot-pdu4sa-n20_firmware < 1.44.0804202

dataprobe/iboot-pdu8a-2c10_firmware < 1.44.0804202

dataprobe/iboot-pdu8a-2c20_firmware < 1.44.0804202

dataprobe/iboot-pdu8a-2n15_firmware < 1.44.0804202

dataprobe/iboot-pdu8a-2n20_firmware < 1.44.0804202

dataprobe/iboot-pdu8a-c10_firmware < 1.44.0804202

... and 7 more

Timeline

Published Aug 14, 2023

Tracked Since Feb 18, 2026