Trellix found four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Centre Infrastructure Management (DCIM) platform alone, and a further five in Dataprobe’s iBoot Power Distribution Unit (PDU).

According to the analysists, these vulnerabilities could be chained by an attacker to gain access to an entire system – the systems are also vulnerable to remote code injection, which could be used to generate a backdoor for further penetration.

CyperPower’s platform is typically used by companies managing in-house server deployments to larger data-centres – vulnerabilities along this infrastructure could put even more data at risk if an entry point is exposed.

With more data centre operators increasing the densities of their rack, which causes them to use and rely on these platforms even more, the importance of patching these vulnerabilities is paramount, the analysts insist.

Further, Dataprobe’s platform allows users to manage their data centre remotely – but in 2021, Censys found that more than 750 iBoot PDUs could be accessed over the internet, putting the devices as greater risk of being hacked.

These vulnerabilities can be disastrous for the entire tech ecosystem – data centres are foundational building blocks of a functioning internet. Hacking management devices can lead to a number of issues.

Devices like Dataprobe’s are often used to manage the power system – if hacked, they can power off an entire data centre or target specific servers, causing potential disruptions.

Malware can be effectively launched at scale if a data centre is compromised – data centres can host thousands of servers, can malware could be leveraged for significant ransomware or distributed denial of service (DDoS) attacks.

Trellix analysts say the issue could even be used by nation-state backed threat actors for cyberespionage attacks against national infrastructure.

Recommendations

While the vulnerabilities at CyberPower and Dataprobe have both been patched, the potential for attack remains for other data centre management platforms.

Besides official patches, the analysts provide several recommendations to protect data centres against exploitation:

• Ensuring management devices are not exposed to the wider internet: Devices, especially remote devices, should only be connected to a secure, organisation-only intranet.
• Password protection: In the case of a potential leak, all passwords should be modified and access to sensitive data should be revoked on potentially compromised devices.
• Updates: Consistently update to the latest version of management devices to ensure they have the utmost security and any vulnerabilities are patched.