Researchers from Trellix’s Advanced Research Center recently disclosed multiple critical, high, and medium severity vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). These vulnerabilities, if exploited, could allow attackers to gain complete control over these systems and use them as an entry point into broader data centers and enterprise networks. It is highly recommended that impacted customers patch these vulnerabilities as soon as possible. Let’s see what the researchers revealed about the multiple vulnerabilities in CyberPower and DataProbe Products and how to patch the flaws in this blog post.
An Short Note About CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) Platform
CyberPower’s PowerPanel Enterprise is a leading DCIM platform that allows IT teams to manage, configure and monitor data center infrastructure through the cloud. It serves as a centralized source of information and control for all devices across on-premise and co-located data centers.
Some key features of PowerPanel Enterprise include:
- Centralized monitoring and control of power devices like PDUs, UPSs, racks, etc.
- Tracking energy usage and efficiency
- Environmental monitoring of temperature, humidity, leaks, smoke, etc.
- Visual mapping of data center assets and infrastructure
- Reporting on capacity, uptime, alarms, etc.
- Role-based access control and security
- Integration with various third-party hardware and software systems
- REST APIs for automation and integration
With data centers increasing rack densities to meet demands, DCIM platforms like PowerPanel Enterprise are becoming indispensable for enterprises to effectively manage these complex environments, prevent outages and maintain maximum uptime.
An Short Note About Dataprobe’s iBoot Power Distribution Unit (PDU)
The iBoot PDU from Dataprobe is an intelligent power distribution unit designed to remotely monitor and control power supply to devices in data centers, labs, remote sites, etc.
Some key capabilities offered by iBoot PDU include:
- Remotely switch power outlets on/off via the web interface
- Reboot unresponsive equipment with the click of a button
- Schedule power cycling based on the time of day
- Monitor current, voltage, power consumption, etc.
- Alerts for power failures, high load, etc.
- Integration with DCIM and Building Management Systems
- Centralized management via Dataprobe’s cloud portal
- Control via REST APIs for automation
With remote outlet switching and power cycling, the iBoot PDU helps resolve common remote management issues like rebooting frozen devices, provisioning equipment, etc, without dispatching IT staff physically. Thousands of iBoot PDUs are deployed across data centers, telecom infrastructure, and other mission-critical environments.
List of Vulnerabilities in CyberPower and DataProbe Products
The multiple vulnerabilities discovered in CyberPower and Dataprobe products can be chained together to gain complete control of these systems. The vulnerabilities would also allow attackers to remotely execute code on the appliances to create backdoors into the broader data center infrastructure.
Here you see the list of vulnerabilities in CyberPower’s PowerPanel Enterprise platform:
|Use of Hard-coded Credentials – Hardcoded credentials can allow attackers to easily gain unauthorized access.
|Improper Neutralization of Escape Sequences – Allows bypassing authentication via injecting escape characters.
|Improper Security Check Implementation – Flawed validation logic results in authentication bypass.
|OS Command Injection – Flaws enable executing arbitrary system commands as root user.
Here you see the list of vulnerabilities in Dataprobe’s iBoot PDU:
|Deserialization of Untrusted Data – Allows attackers to submit malicious input leading to RCE.
|OS Command Injection – Flaws enable executing arbitrary system commands as the root user.
|Buffer Overflow – Memory corruption issue enables denial of service attacks.
|Use of Hardcoded Credentials – Hardcoded credentials can allow attackers to easily gain unauthorized access.
|Authentication Bypass by Alternate Name – Predictable session IDs allow bypassing authentication.
Impact of the Vulnerabilities
Chaining together the vulnerabilities in both CyberPower and Dataprobe products can allow attackers to gain complete control over these systems. Furthermore, the vulnerabilities could enable remote code execution, which can be leveraged to create persistent backdoors into the data center network.
If exploited at scale across multiple data centers, these vulnerabilities can cause massive disruptions through techniques like:
- Powering off critical systems and infrastructure leads to extended outages costing millions per minute
- Deploying malware across thousands of connected servers and systems to steal data or launch ransomware, DDoS, and other attacks at scale
- Conducting espionage by nation-state actors to access sensitive information
CyberPower and DataProbe Products Vulnerable to the Flaws
According to the published report, the below products are prone to the vulnerabilities listed in the earlier sections.
- CyberPower PowerPanel Enterprise versions prior to 2.6.9
- Dataprobe iBoot PDU firmware versions prior to 1.44.08042023
Any data centers or enterprises using the vulnerable versions of these products are exposed to potential compromise and should patch immediately.
How to Fix the Vulnerabilities in CyberPower and DataProbe Products?
CyberPower and Dataprobe have released patches to address all the reported vulnerabilities in PowerPanel Enterprise and iBoot PDU, respectively. Customers using vulnerable versions should install the latest updates immediately to mitigate risks of potential exploitation.
Specifically, CyberPower has released PowerPanel Enterprise version 2.6.9 to address the vulnerabilities. Dataprobe has released iBoot PDU firmware version 1.44.08042023 to fix the flaws in their product.
In addition to updating the vulnerable software and firmware, customers should also take the following steps:
- Restrict access to the management interfaces of PowerPanel Enterprise and iBoot PDU from only the internal organizational network. They should not be exposed to the public Internet, which increases the attack surface.
- For iBoot PDU deployments, consider disabling remote access via Dataprobe’s cloud management platform if not absolutely required. This reduces potential attack vectors.
- Reset all credentials associated with the appliances after updating them. Also, revoke access of any credentials that may have been compromised previously.
- Closely monitor vendor notifications and subscribe to receive security updates promptly. Install patches as soon as new releases are available.
- Consider additional monitoring and access controls to detect and prevent anomalous activity indicating potential exploitation attempts.
- Trellix endpoint security products like EDR and network security solutions like Network Detection and Response can also detect attacks exploiting these vulnerabilities.
Regularly updating software and firmware, restricting unnecessary access, resetting credentials and subscribing to security alerts can help organizations stay protected against emerging threats targeting critical infrastructure like data centers.
The critical vulnerabilities recently disclosed in CyberPower and DataProbe’s data center infrastructure products like PowerPanel Enterprise and iBoot PDU could result in significant compromises if left unpatched. Customers are strongly advised to install the latest updates and follow recommended mitigation steps to protect against potential exploits targeting these vulnerabilities in CyberPower and DataProbe products. With data centers increasingly becoming prime targets, vendors must continue security research and patching to harden these foundational platforms powering critical business infrastructure.