Cybersecurity researchers at Trellix have identified vulnerabilities in commonly used applications in data centers that could allow hackers to gain access and shut off power to specific servers.
The researchers found four vulnerabilities in CyberPower's infrastructure-management platform and five in Dataprobe's power-distribution units that enable remote code injection. "A vulnerability on a single datacenter-management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further," Trellix researchers said in a report.
CyberPower software is an attractive target because it manages all devices in a single Web application, says senior security researcher Sam Quinn at Trellix. After gaining access to the software, attackers could turn their attention to power-distribution units and "toggle on and off power," he says.
Both CyberPower and Dataprobe have patched the vulnerabilities.
From CyberScoop
View Full Article
Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA
No entries found