CVE-2023-3261 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2023-3261?

CVE-2023-3261 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-3261?

Check the references section above for vendor advisories and patch information. Affected products include: Cyberpower Powerpanel Server, Dataprobe Iboot-Pdu4A-C10 Firmware, Dataprobe Iboot-Pdu4A-C10, Dataprobe Iboot-Pdu4A-C20 Firmware, Dataprobe Iboot-Pdu4A-C20.

Vulnerability Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cyberpower	Powerpanel Server	< 2.6.9
Dataprobe	Iboot-Pdu4A-C10 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4A-C10	-
Dataprobe	Iboot-Pdu4A-C20 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4A-C20	-
Dataprobe	Iboot-Pdu4A-N15 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4A-N15	-
Dataprobe	Iboot-Pdu4A-N20 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4A-N20	-
Dataprobe	Iboot-Pdu4-C20 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4-C20	-
Dataprobe	Iboot-Pdu4-N20 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4-N20	-
Dataprobe	Iboot-Pdu4Sa-C10 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4Sa-C10	-
Dataprobe	Iboot-Pdu4Sa-C20 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4Sa-C20	-
Dataprobe	Iboot-Pdu4Sa-N15 Firmware	< 1.44.0804202
Dataprobe	Iboot-Pdu4Sa-N15	-
Dataprobe	Iboot-Pdu4Sa-N20 Firmware	< 1.44.0804202

Related Weaknesses (CWE)

CWE-78 CWE-119

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurkingVendor Advisory
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurkingVendor Advisory

FAQ

What is CVE-2023-3261?

CVE-2023-3261 is a vulnerability with a CVSS score of 7.5 (HIGH). The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service ...

How severe is CVE-2023-3261?

CVE-2023-3261 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3261?

Check the references section above for vendor advisories and patch information. Affected products include: Cyberpower Powerpanel Server, Dataprobe Iboot-Pdu4A-C10 Firmware, Dataprobe Iboot-Pdu4A-C10, Dataprobe Iboot-Pdu4A-C20 Firmware, Dataprobe Iboot-Pdu4A-C20.