Sign In

Communications of the ACM

ACM TechNews

Data Centers at Risk Due to Flaws in Power Management Software

View as: Print Mobile App Share:
IT technician examining servers

Data centers are a critical attack vector for cybercriminals.

Credit: Getty Images

Cybersecurity researchers at Trellix have identified vulnerabilities in commonly used applications in data centers that could allow hackers to gain access and shut off power to specific servers.

The researchers found four vulnerabilities in CyberPower's infrastructure-management platform and five in Dataprobe's power-distribution units that enable remote code injection. "A vulnerability on a single datacenter-management platform or device can quickly lead to a complete compromise of the internal network and give threat actors a foothold to attack any connected cloud infrastructure further," Trellix researchers said in a report.

CyberPower software is an attractive target because it manages all devices in a single Web application, says senior security researcher Sam Quinn at Trellix. After gaining access to the software, attackers could turn their attention to power-distribution units and "toggle on and off power," he says.

Both CyberPower and Dataprobe have patched the vulnerabilities.

From CyberScoop
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account