Command Injection Vulnerability in Dataprobe iBoot PDU Firmware 1.43.03312023 and Earlier
CVE-2023-3260 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.