PT-2023-23923 · Dataprobe · Dataprobe Iboot Pdu

Sam Quinn · Published 2023-08-13 · Updated 2023-08-22 · CVE-2023-3263

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier

Description: The issue concerns authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows a malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.

Recommendations: For version 1.43.03312023 or earlier, consider disabling the REST API until a patch is available to prevent exploitation. Restrict access to the API endpoints to minimize the risk of unauthorized access. Avoid using special characters in credentials for the affected API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2023-3263

Affected Products: Dataprobe Iboot Pdu