Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Dataprobe 代码问题漏洞
Vulnerability Description
Dataprobe是美国Dataprobe公司的一系列智能电源开关和管理产品。 Dataprobe iBoot PDU 1.43.03312023 及之前版本存在安全漏洞,该漏洞源于Dataprobe iBoot PDU 存在不受信任数据的反序列化,容易身份验证绕过,攻击者利用该漏洞可以操纵iBootPduSiteAuth cookie 中的 IP 地址字段,引导设备连接到恶意数据库,操纵功率级别、 修改用户账户、导出用户机密信息。
CVSS Information
N/A
Vulnerability Type
N/A