HIGH🇬🇧 English

CVE-2023-3260

CVSS 7.2v3.1pub. 2023-08-14upd. 2024-11-21

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Cyberpower Powerpanel Server

    APP
    Cyberpower
    < 2.6.9
  • Dataprobe Iboot Pdu4a C10

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4a C10 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4a C20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4a C20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4a N15

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4a N15 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4a N20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4a N20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4 C20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4 C20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4 N20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4 N20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4sa C10

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4sa C10 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4sa C20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4sa C20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4sa N15

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4sa N15 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu4sa N20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu4sa N20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu8a 2c10

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu8a 2c10 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu8a 2c20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu8a 2c20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu8a 2n15

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu8a 2n15 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu8a 2n20

    HW
    Dataprobe
    wszystkie wersje
  • Dataprobe Iboot Pdu8a 2n20 Firmware

    OS
    Dataprobe
    < 1.44.0804202
  • Dataprobe Iboot Pdu8a C10

    HW
    Dataprobe
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-3266CRITICAL9.8ten sam produkt

A non-feature complete authentication mechanism exists in the production application allowing an attacker to b...

CVE-2023-3267CRITICAL9.1ten sam produkt

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the usernam...

CVE-2023-3265CRITICAL9.8ten sam produkt

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters fro...

CVE-2023-3259CRITICAL9.8ten sam produkt

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypa...

CVE-2022-3183CRITICAL9.8ten sam produkt

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does ...