Researchers have discovered significant security vulnerabilities in two well-known data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). These findings highlight potential security risks associated with widely utilized data center systems.
“An attacker could use all of these flaws together to get full access to these systems, which could be used to do a lot of damage on its own.” Trellix researchers pointed out that both products exhibit susceptibility to remote code injection. This vulnerability could potentially serve as a means to create a backdoor or entry point into the broader network of interconnected data center devices and enterprise systems.
Addressing the Vulnerabilities
CyberPower’s PowerPanel Enterprise DCIM exhibited three security bypass vulnerabilities (CVE-2023-3264, CVE-2023-3265, and CVE-2023-3266), in addition to an OS command injection flaw that could potentially result in authenticated Remote Code Execution (RCE) (CVE-2023-3267).
In the case of Dataprobe iBoot PDU, the identified weaknesses include authentication bypass (CVE-2023-3259, CVE-2023-3263), authenticated RCE through OS command injection (CVE-2023-3260), Denial of Service (DoS) (CVE-2023-3261), and modification of the internal Postgres database (CVE-2023-3262).
The researchers presented further details of these findings at this year’s DEF CON.
Implications of Exploiting These Vulnerabilities
By exploiting these vulnerabilities, malicious actors could gain entry into data centers and pursue a range of objectives. They could potentially:
Disrupt operations and damage hardware by cutting power to devices connected to a PDU.
Establish a backdoor within the data center, facilitating the injection of malware for purposes such as executing ransomware, launching Distributed Denial of Service (DDoS) attacks, or initiating wiper attacks.
Use the compromised devices as a foothold for surveillance of other systems on the network.
The researchers emphasized, “A vulnerability on a single data center management platform or device can quickly lead to a full compromise of the internal network and give threat actors a place to start attacking any connected cloud infrastructure.”
“We are lucky to have found these flaws early before they were used maliciously in the wild.”
Both CyberPower and Dataprobe have taken prompt action by releasing updates to address these issues. Customers are strongly advised to update their PowerPanel Enterprise software to the latest version, 2.6.9, and ensure that their Dataprobe iBoot PDU firmware is updated to version 1.44.08042023. These updates are critical to enhancing the security posture and safeguarding the integrity of these systems.
Furthermore, Trellix researchers advise customers to refrain from connecting these platforms or devices to the internet. They recommend changing the passwords of all user accounts and purging any potentially leaked private data from these devices. Additionally, customers are encouraged to subscribe to notifications pertaining to security updates directly from the vendor. These precautions are essential to bolstering the security stance and minimizing potential risks associated with these systems.
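As an added illustration (not part of the original report or of either vendor's tooling), the following Python check walks a device inventory and flags entries that are still below the fixed versions named above or still reachable from the internet. The hostnames are constructed, and treating the 8-digit suffix of the iBoot version as an MMDDYYYY build date is an assumption about the vendor's numbering, not something the report states.

```python
import re
from dataclasses import dataclass

# Minimum fixed releases named in the advisory coverage above.
MIN_FIXED = {
    "PowerPanel Enterprise": "2.6.9",
    "iBoot PDU": "1.44.08042023",
}

def _segment(p: str) -> int:
    # Assumption (not from the advisory): an 8-digit segment such as 08042023 is a
    # MMDDYYYY build date; reorder to YYYYMMDD so a January build sorts after August.
    if len(p) == 8:
        return int(p[4:] + p[:4])
    return int(p)

def parse_version(v: str) -> tuple:
    """Split a dotted version into integers so '2.6.10' sorts after '2.6.9'
    (plain string comparison would get this wrong)."""
    return tuple(_segment(p) for p in re.findall(r"\d+", v))

def is_patched(product: str, version: str) -> bool:
    """True when the installed version is at or above the vendor's fixed release."""
    return parse_version(version) >= parse_version(MIN_FIXED[product])

@dataclass
class Device:
    name: str
    product: str
    version: str
    internet_exposed: bool

def assess(device: Device) -> list[str]:
    """Return the advisory items this device still fails, or [] if compliant."""
    findings = []
    if not is_patched(device.product, device.version):
        findings.append(f"upgrade {device.product} {device.version} -> {MIN_FIXED[device.product]}")
    if device.internet_exposed:
        findings.append("remove direct internet exposure")
    return findings

# Constructed sample inventory (hostnames and versions are made up for the example).
INVENTORY = [
    Device("dcim-01", "PowerPanel Enterprise", "2.6.9", False),
    Device("dcim-02", "PowerPanel Enterprise", "2.5.1", True),
    Device("pdu-rack7", "iBoot PDU", "1.44.08042023", False),
    Device("pdu-rack8", "iBoot PDU", "1.43.12152022", False),
]

def report(inventory=INVENTORY) -> dict[str, list[str]]:
    """Map each non-compliant device name to its outstanding findings."""
    return {d.name: assess(d) for d in inventory if assess(d)}

if __name__ == "__main__":
    for name, items in report().items():
        print(f"{name}: {'; '.join(items)}")
```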
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.