Trellix researchers discovered nine vulnerabilities in CyberPower’s PowerPanel Enterprise data center power management software and Dataprobe’s iBoot power distribution unit (PDU). The vulnerabilities could allow threat actors to spy on organizations, cause significant damage, and even gain full access to the targeted system.
The four CyberPower Powerpanel Enterprise vulnerabilities included authentication bypass and OS command injection issues. The five Dataprobe iBoot PDU vulnerabilities featured these same problems, as well as OS command injection and denial-of-service issues. Trellix described how threat actors could leverage these vulnerabilities to disrupt data center operations for days or manipulate power management to damage hardware devices. Both CyberPower and Dataprobe released patches after Trellix notified the vendors of these issues.
Read More: