PT-2023-23894 · Dataprobe · Dataprobe iBoot PDU

Philippe Laulheret · Published 2023-08-12 · Updated 2023-08-22 · CVE-2023-3259

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier

Description: The issue allows a malicious agent to bypass authentication by manipulating the IP address field in the iBootPduSiteAuth cookie, directing the device to connect to a rogue database. Successful exploitation enables the malicious agent to take actions with administrator privileges, including manipulating power levels, modifying user accounts, and exporting confidential user information.

Recommendations: For Dataprobe iBoot PDU version 1.43.03312023 or earlier, as a temporary workaround, consider restricting access to the iBootPduSiteAuth cookie to minimize the risk of exploitation. Additionally, avoid using the IP address field in the iBootPduSiteAuth cookie until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
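The root cause described above is a client-controlled cookie field choosing which database the device connects to. The following is an added example, not Dataprobe's firmware code and not taken from the advisory: it shows that trust mistake in minimal form, the corrected handling (the database host comes only from server-side configuration, and a cookie value that disagrees is rejected), and a small log check a defender can run to flag requests whose cookie names an unexpected host. The cookie layout used here (key=value pairs joined by semicolons, with a field named ip), the trusted host 192.0.2.10, and the access-log format are all assumptions made for illustration; the real cookie encoding is not documented on this page.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Assumed server-side setting: the database host(s) the device is built to use.
# 192.0.2.0/24 is an RFC 5737 documentation range; the value is constructed.
TRUSTED_DB_HOSTS = frozenset({"192.0.2.10"})

COOKIE_NAME = "iBootPduSiteAuth"   # cookie name from the advisory
IP_FIELD = "ip"                    # assumed name of the IP address field inside it


def parse_cookie(value: str) -> Dict[str, str]:
    """Split an assumed 'k=v;k=v' cookie body into a dict (hypothetical layout)."""
    fields: Dict[str, str] = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            fields[key.strip()] = val.strip()
    return fields


def db_host_vulnerable(cookie: str) -> str:
    """The weak pattern the advisory describes: a client-chosen field selects
    the database host, so whoever writes the cookie picks the backend."""
    fields = parse_cookie(cookie)
    return fields.get(IP_FIELD, next(iter(TRUSTED_DB_HOSTS)))


def db_host_hardened(cookie: str) -> str:
    """Corrected handling: the network target comes from server configuration
    only. If the legacy field is present it must match a trusted host;
    otherwise the request is rejected rather than honoured."""
    fields = parse_cookie(cookie)
    claimed = fields.get(IP_FIELD)
    if claimed is not None and claimed not in TRUSTED_DB_HOSTS:
        raise ValueError(f"untrusted database host in {COOKIE_NAME}: {claimed!r}")
    return next(iter(TRUSTED_DB_HOSTS))


_COOKIE_RE = re.compile(COOKIE_NAME + r'=([^\s"]+)')


def find_suspicious(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, offending value) for every request whose
    cookie names a database host that is not trusted or not a valid IP."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(log_lines, start=1):
        m = _COOKIE_RE.search(line)
        if not m:
            continue
        claimed = parse_cookie(m.group(1)).get(IP_FIELD)
        if claimed is None:
            continue
        try:
            ipaddress.ip_address(claimed)
            valid = True
        except ValueError:
            valid = False
        if not valid or claimed not in TRUSTED_DB_HOSTS:
            hits.append((n, claimed))
    return hits


# Constructed access-log lines (not real device output) used to exercise the check.
SAMPLE_LOG = [
    '2023-08-12T10:00:01Z 198.51.100.7 GET /index.php cookie="iBootPduSiteAuth=user=admin;ip=192.0.2.10"',
    '2023-08-12T10:00:02Z 198.51.100.9 GET /index.php cookie="iBootPduSiteAuth=user=admin;ip=203.0.113.5"',
    '2023-08-12T10:00:03Z 198.51.100.9 GET /index.php cookie="iBootPduSiteAuth=user=admin;ip=not-an-ip"',
    '2023-08-12T10:00:04Z 198.51.100.7 GET /style.css',
]

if __name__ == "__main__":
    for n, host in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: cookie points at unexpected database host {host!r}")
```

The detector only matters while the workaround above is in place: once the device no longer reads a host from the cookie, a mismatching value is noise rather than a sign of exploitation, but until then any line it reports deserves a look at the client address and what that session did next.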

Weakness Enumeration
Deserialization of Untrusted Data

Related Identifiers
CVE-2023-3259

Affected Products
Dataprobe iBoot PDU