Findings presented by security researchers at the recent DEF CON security conference showed that multiple security vulnerabilities are present in the PowerPanel Enterprise Data Center Infrastructure Management software offered by CyberPower and Dataprobe's iBoot Power Distribution Unit device, which when exploited together can cause catastrophic damage to data centers that use them, reports The Hacker News.
"Both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems," the researchers said.
"A vulnerability on a single data center management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further," from which they could either perform ransomware activities, DDoS attacks, or cyber espionage.
Both flaws have been patched by their respective providers. Furthermore, the researchers note that no exploitation of the flaws has been observed in the wild.
Endpoint/Device Security, Vulnerability Management
Researchers uncover data center risks from CyberPower, Dataprobe products
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds