The vulnerabilities affecting the iBoot-PDU product were identified by researchers at industrial cybersecurity firm Claroty, who found a total of seven issues, including ones allowing a remote, unauthenticated attacker to execute arbitrary code.
iBoot PDU vulnerabilitiesThe impacted PDU provides a web interface and a cloud platform for configuring the product and controlling each individual outlet for remote power management.
A 2021 report from Censys showed that there were more than 2,000 PDUs directly exposed to the internet and nearly one-third of them were iBoot PDUs.
