The last week of May was marked by a very important event for our penetration testing team: our lead expert, Dmitri Z., has successfully submitted 9 CVEs detected in the Aten PE6208 managed PDU during an onsite penetration testing project. Three of the discovered CVEs are rated as high risk, four as medium, and the remaining two as low risk. The possible impacts range from a relatively low-priority partial DoS state of the device, to possible control over the state of the power outlets, and ultimately to uploading a modified firmware image with arbitrary code, turning the PDU into a gateway to the protected network segments.
MITRE has officially accepted the CVEs and listed them in the official database.
Readers interested in the technical details may find additional information on this GitHub page.
We're very happy to congratulate Dmitri on this important milestone and acknowledgement of his skill and proficiency!
Something worth noting here is the class of the device. It is neither a typical workstation, nor a server, nor a networking device. Yet many datacenters rely on intelligent PDUs for managing power distribution and gathering various data for power supply system monitoring and analysis. PDUs are often connected to internal network segments that may or may not be properly isolated, and if compromised, this useful device may help wreak havoc on the company infrastructure.
Contact us to check out our services and let our experts help you stay secure against all threats!