Data center flaws spurred disruptions, espionage and malware attacks

• Critical vulnerabilities unveiled in popular data center management platforms, posing serious security risks.
• CyberPower’s PowerPanel Enterprise and Dataprobe’s iBoot PDU were found to have multiple vulnerabilities.
• Potential exploitation could lead to power disruption, malware deployment, and digital espionage.
• Urgent fixes released by vendors, urging affected customers to patch their systems immediately.
• Emphasis on network isolation, remote access management, password updates, and regular software updates to mitigate risks.

Trellix’s Advanced Research Center has unveiled a series of critical vulnerabilities in data center management platforms, shedding light on potential security risks that could cripple the foundation of our interconnected world.

The Vulnerabilities Unveiled

In an ongoing research effort to bolster cybersecurity and resilience in the digital realm, Trellix’s Advanced Research Center turned its attention to critical vulnerabilities within data center management platforms.

This initiative aligns seamlessly with the recently announced 2023 National Cybersecurity Strategy, underscoring the importance of securing national critical infrastructures and enhancing overall digital ecosystem security.

The team’s initial focus was on power management and supply technologies, key components of data center infrastructure. Through detailed investigation, Trellix’s researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.

CyberPower’s PowerPanel Enterprise Vulnerabilities

Trellix’s research identified four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform:

1. CVE-2023-3264: Use of Hard-coded Credentials
2. CVE-2023-3267: OS Command Injection (Authenticated RCE)
3. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass)
4. CVE-2023-3265: Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass)

These vulnerabilities, if exploited in tandem, could grant attackers full access to these systems. Such access could lead to substantial damage and potentially pave the way for broader network compromise.

Dataprobe’s iBoot PDU Vulnerabilities

Dataprobe’s iBoot Power Distribution Unit (PDU) also exhibited five critical vulnerabilities:

1. CVE-2023-3261: Buffer Overflow (DOS)
2. CVE-2023-3262: Use of Hard-coded Credentials
3. CVE-2023-3260: OS Command Injection (Authenticated RCE)
4. CVE-2023-3259: Deserialization of Untrusted Data (Auth Bypass)
5. CVE-2023-3263: Authentication Bypass by Alternate Name (Auth Bypass)

The potential impact of these vulnerabilities is profound, encompassing scenarios such as power disruption, widespread malware deployment, and digital espionage.

The Implications of Vulnerabilities

The implications of these vulnerabilities are far-reaching. With data centers forming the backbone of critical services, the risks extend to both consumers and enterprises. The exploitation of such vulnerabilities could lead to the following outcomes:

• Power Off: Attackers could disrupt operations across multiple data centers by cutting power to connected devices, causing extensive outages and financial losses.
• Malware at Scale: Compromised data center equipment could serve as a launchpad for massive ransomware, DDoS, or wiper attacks, potentially surpassing infamous incidents like StuxNet and WannaCry.
• Digital Espionage: Nation-state actors and advanced persistent threats (APTs) could exploit these vulnerabilities for cyberespionage, potentially exposing sensitive information to foreign governments.

It is worth noting that Trellix researchers presented their findings on August 12th at the Black Hat security conference in Las Vegas, United States.

Fortunately, these vulnerabilities were discovered before they could be exploited by threat actors, minimizing the risk of malicious exploitation. Nonetheless, data centers remain attractive targets for cybercriminals due to their extensive attack surface and potential for widespread impact.

Strategies for Mitigation and Future Preparedness

To address these vulnerabilities, both CyberPower and Dataprobe have promptly released fixes for their affected products. Trellix strongly advises affected customers to implement these patches immediately and adopt additional precautions:

1. Network Isolation: Ensure that data center management platforms are reachable only within secure intranets, shielding them from wider internet exposure.
2. Remote Access Management: Disable remote access to devices and platforms when not needed, reducing potential attack vectors.
3. Password Management: Update passwords for user accounts associated with vulnerable systems and revoke any compromised credentials.
4. Regular Updates: Stay vigilant by applying the latest software and firmware updates promptly to reduce exposure to future vulnerabilities.

Conclusion

Trellix’s Advanced Research Center’s findings underscore the critical role played by data centers in modern operations and the urgent need to fortify their defences. By collaborating with vendors, promptly addressing vulnerabilities, and embracing best practices, the digital ecosystem can continue to evolve securely, resiliently, and without compromise.

RELATED ARTICLES

1. China attack National Data Center with watering hole attack
2. Login Details of Tech Giants Leaked in Two Data Center Hacks
3. Top sites affected after OVH data center catches disastrous fire
4. NATO bunker’s dark web data center seized for hosting child porn
5. BlackCat (ALPHV) Claims Ransomware Attack on NCR Data Center