Researchers uncover data center risks from CyberPower, Dataprobe products

Findings presented by security researchers at the recent DEF CON security conference showed that multiple security vulnerabilities are present in the PowerPanel Enterprise Data Center Infrastructure Management software offered by CyberPower and Dataprobe's iBoot Power Distribution Unit device, which when exploited together can cause catastrophic damage to data centers that use them, reports The Hacker News. "Both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems," the researchers said. "A vulnerability on a single data center management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further," from which they could either perform ransomware activities, DDoS attacks, or cyber espionage. Both flaws have been patched by their respective providers. Furthermore, the researchers note that no exploitation of the flaws has been observed in the wild.