PT-2023-23915 · Dataprobe · Dataprobe Iboot Pdu
Sam Quinn
·
Publicado
2023-08-13
·
Atualizado
2023-08-25
·
CVE-2023-3262
CVSS v3.1
6.7
Média
| Vetor | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dataprobe iBoot PDU versions 1.43.03312023 and earlier
Description
The issue concerns the use of hard-coded credentials for interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this to read, modify, or delete arbitrary database records.
Recommendations
For versions 1.43.03312023 and earlier, consider disabling access to the internal Postgres database until a patch is available. Restrict the ability to execute operating system commands on the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dataprobe Iboot Pdu