Multiple vulnerabilities in data center infrastructure management systems and power distribution units have been discovered that could be exploited by attackers to gain full access to these systems and perform remote code execution.
The vulnerabilities affect products from CyberPower and Dataprobe, and they could be used to create backdoors on data center equipment, launch malware at scale, carry out digital espionage, and even knock out power altogether.
Both vendors have released patches for the vulnerabilities, but Trellix, the security firm that discovered them, is urging all potentially impacted customers to download and install them immediately.
In addition to the official patches, Trellix also recommends taking the following steps to protect your data center from these vulnerabilities:
Ensure that PowerPanel Enterprise or iBoot PDU are not exposed to the wider internet. Each should be reachable only from within an organization’s secure intranet.
Modify the passwords associated with all user accounts and revoke any sensitive information stored on both appliances that may have been leaked.
Update to the latest version of PowerPanel Enterprise or install the latest firmware for the iBoot PDU and subscribe to the relevant vendor’s security update notifications.
These vulnerabilities are a serious threat to data centers and it is important to take steps to protect your systems as soon as possible. By following the recommendations above, you can help to mitigate the risk of an attack.