The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
dataprobe iboot-pdu4a-c10 firmware |
||
dataprobe iboot-pdu4a-c20 firmware |
||
dataprobe iboot-pdu4a-n15 firmware |
||
dataprobe iboot-pdu4a-n20 firmware |
||
dataprobe iboot-pdu4-c20 firmware |
||
dataprobe iboot-pdu4-n20 firmware |
||
dataprobe iboot-pdu4sa-c10 firmware |
||
dataprobe iboot-pdu4sa-c20 firmware |
||
dataprobe iboot-pdu4sa-n15 firmware |
||
dataprobe iboot-pdu4sa-n20 firmware |
||
dataprobe iboot-pdu8a-2c10 firmware |
||
dataprobe iboot-pdu8a-2c20 firmware |
||
dataprobe iboot-pdu8a-2n15 firmware |
||
dataprobe iboot-pdu8a-2n20 firmware |
||
dataprobe iboot-pdu8a-c10 firmware |
||
dataprobe iboot-pdu8a-c20 firmware |
||
dataprobe iboot-pdu8a-n15 firmware |
||
dataprobe iboot-pdu8a-n20 firmware |
||
dataprobe iboot-pdu8sa-2n15 firmware |
||
dataprobe iboot-pdu8sa-c10 firmware |
||
dataprobe iboot-pdu8sa-n15 firmware |
||
dataprobe iboot-pdu8sa-n20 firmware |
Vulmon