Trellix researchers are disclosing a number of critical data center power management platform vulnerabilities at DEFCON 2023 today.<\/p>\n\n\n\n
The vulnerabilities “could allow attackers to shut down entire data centers in minutes, slowly infect entire data center deployments to steal key data and information, or utilize compromised resources to initiate massive attacks at a global scale,” Sam Quinn and Jesse Chick of the Trellix Advanced Research Center wrote in a blog accompanying their presentation<\/a>.<\/p>\n\n\n\n The Trellix researchers investigated several data center software platforms and hardware technologies as part of a U.S. effort to secure critical infrastructure. They found four critical vulnerabilities in CyberPower’s Data Center Infrastructure Management (DCIM) platform and five critical vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU).<\/p>\n\n\n\n CyberPower offers power protection and management systems for computer and server technologies. The CyberPower DCIM platform lets IT teams manage, configure and monitor the infrastructure within a data center through the cloud, “serving as a single source of information and control for all devices.”<\/p>\n\n\n\n Quinn and Chick said these platforms “are commonly used by companies managing on-premise server deployments to larger, co-located data centers \u2013 like those from major cloud providers AWS, Google Cloud, Microsoft Azure, etc.”<\/p>\n\n\n\n Dataprobe’s power management products help businesses monitor and control their networks typically in small to mid-sized data centers and SMBs managing on-premises server deployments. “Their iBoot PDU allows administrators to manage the power supply to their devices and equipment remotely, via a simple and easy to use web browser application,” the researchers noted.<\/p>\n\n\n\n Here are the vulnerabilities they discovered, including their CVEs, CVSS scores, and a brief description of each:<\/p>\n\n\n\n The researchers said the vulnerabilities could give threat actors authenticated access to these data center power management systems, “which alone could be leveraged to commit catastrophic damage. However, the exploits go even further in allowing for remote code injection on the data center hardware to create a backdoor on the device, and an entry point to the broader network of connected data center devices and enterprise systems.”<\/p>\n\n\n\n Potential attacks include:<\/p>\n\n\n\n Power Off:<\/strong> “Even the simple act of turning the data center off could cause massive damage,” the researchers said. With a simple “flip of a switch,” threat actors could shut down data centers.<\/p>\n\n\n\n Malware at Scale:<\/strong> Using these platforms to create a backdoor on data center equipment gives threat actors “a foothold to compromise systems at a massive scale \u2013 in the data center itself and for the business networks that access these servers. This malware could be leveraged for unprecedented ransomware<\/a>, DDoS<\/a> or Wiper<\/a> attacks that would completely dwarf SuxNet, Mirai BotNet<\/a>, or WannaCry<\/a>.”<\/p>\n\n\n\n Digital Espionage:<\/strong> “Spyware installed in data centers across the world could be leveraged for extreme cyberespionage,” they wrote.<\/p>\n\n\n\n Also read: Network Protection: How to Secure a Network<\/a><\/strong><\/p>\n\n\n\n The Trellix findings were just a few of the scores of vulnerabilities unveiled this week at the Black Hat<\/a> and DEFCON<\/a> conferences.<\/p>\n\n\n\n Among the vulnerabilities were a data leakage flaw<\/a> in Intel chips and a denial of service vulnerability<\/a> in Microsoft Defender revealed<\/a> by SafeBreach researchers.<\/p>\n\n\n\n And in a surprise announcement at Black Hat, the U.S. Defense Advanced Research Projects Agency (DARPA) announced<\/a> a two-year competition to develop AI cybersecurity tools, with nearly $20 million in prizes.<\/p>\n\n\n\n eSecurity Planet Editor Paul Shread<\/a> contributed to this report<\/em><\/p>\n\n\n\n Further reading:<\/strong><\/p>\n\n\n\n\n
\n
\n
Black Hat, DEFCON Vulnerabilities – And a Challenge<\/h2>\n\n\n\n