Command Injection Vulnerability in Dataprobe iBoot PDU Firmware 1.43.03312023 and Earlier

Command Injection Vulnerability in Dataprobe iBoot PDU Firmware 1.43.03312023 and Earlier

CVE-2023-3260 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.