CVE-2023-3260 HIGH

CVE-2023-3260

Vendor Dataprobe

Product iBoot PDU

Weakness CWE-78

Published August 14, 2023

Last update October 9, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.

Key dates

02Disclosure timeline

August 14, 2023 CVE published

October 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3260

Related vulnerabilities

Identifiers

CVE CVE-2023-3260

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions