CVE-2023-3263 Vulnerability Details

  /     /     /  

CVE-2023-3263 Metadata Quick Info

CVE Published: 14/08/2023 | CVE Updated: 09/10/2024 | CVE Year: 2023
Source: trellix | Vendor: Dataprobe | Product: iBoot PDU
Status : PUBLISHED

---

CVE-2023-3263 Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-289
CWE Name: CWE-289: Authentication Bypass by Alternate Name
Source: Dataprobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-421
CAPEC Description: CAPEC-421 Influence Perception of Authority


Source: NVD (National Vulnerability Database).