Pierluigi Paganini August 14, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking.

Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). An attacker could exploit to gain unauthenticated access to these systems and carry out a broad range of malicious activities.

CyberPower is a prominent supplier of data center hardware and infrastructure solutions, with a specific focus on cutting-edge power protection technologies and effective power management systems. The PowerPanel Enterprise DCIM platform enables IT teams to manage, configure, and monitor a data center’s infrastructure via cloud connectivity. This platform serves as an integrated hub of information and control for all interconnected devices. Such solutions find widespread adoption, ranging from enterprises overseeing on-site server installations to expansive co-located data centers, including the industry giants like AWS, Google Cloud, Microsoft Azure, and others.

Access to power management systems can allow attackers to cut power to devices connected to a PDU shutting down data centers. A threat actor could cause a prolonged outage with the simple “flip of a switch” in dozens of compromised data centers.

The manipulation of power management can also damage hardware devices.

Threat actors can also compromise a data center by establishing a backdoor and abuse systems and devices spread malware on a large scale. APT groups could trigger these flaws to conduct cyberespionage attacks.

The researchers presented their findings at the DEFCON security conference today.

The nine vulnerabilities have received CVE between CVE-2023-3259 through CVE-2023-3267. Successful exploitation of the flaws can allow threat actors to shut down entire data centers.

“we found four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU). An attacker could chain these vulnerabilities together to gain full access to these systems – which alone could be leveraged to commit substantial damage.” reads the advisory published by Trellix. “Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems.”

The good news is that the researchers have found no evidence that these flaws were exploited in the wild.

Below is the list of flaws discovered by the researchers:

• CyberPower PowerPanel Enterprise:
  • CVE-2023-3264: Use of Hard-coded Credentials (CVSS 6.7)
  • CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass; CVSS 7.2)
  • CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)
  • CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5)
• Dataprobe iBoot PDU:
  • CVE-2023-3259: Deserialization of Untrusted Data (Auth Bypass; CVSS 9.8)
  • CVE-2023-3260: OS Command Injection (Authenticated RCE; CVSS 7.2)
  • CVE-2023-3261: Buffer Overflow (DOS; CVSS 7.5)
  • CVE-2023-3262: Use of Hard-coded Credentials (CVSS 6.7)
  • CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass; CVSS 7.5)

The vendor addressed the flaw with the release of version 2.6.9 of PowerPanel Enterprise software and version 1.44.08042023 of the Dataprobe iBoot PDU firmware.

Experts recommend to;

• Ensure that your PowerPanel Enterprise or iBoot PDU are not exposed to the wider Internet. Each should be reachable only from within your organization’s secure intranet.
  • In the case of the iBoot PDU, we suggest disabling remote access via Dataprobe’s cloud service as an added precaution.
• Modify the passwords associated with all user accounts and revoke any sensitive information stored on both appliances that may have been leaked.
• Update to the latest version of PowerPanel Enterprise or install the latest firmware for the iBoot PDU and subscribe to the relevant vendor’s security update notifications.
  • Although this measure in and of itself will not reduce risk of attack via the vulnerabilities described in this document, updating all your software to the latest and greatest version promptly is the best practice for ensuring your window of exposure is as short as possible in this and future cases.

“With how incredibly significant these services are for consumers and businesses, it’s clear that cybersecurity for the data centers making them possible is essential. It isn’t wrong to say today that proper cybersecurity posture and defenses for data centers are essential to the basic functioning of our economy and society. This level of importance makes them a target for threat actors looking to implement attacks on nation-states, ransom critical infrastructure, or conduct espionage for foreign nations.” concludes the researchers. “Thus, the devices and software platforms that service data centers must remain secure and updated, and the vendors producing this hardware and software have processes in place for quick and efficient response following vulnerability disclosures.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CyberPower)