CVE-2022-3186
published 2022-12-21CVE-2022-3186: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.57%
42.9th percentile
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dataprobe | iboot-pdu4-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu_fw | <= 1.42.06162022 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-84p2-3q54-pcv7: Dataprobe iBoot-PDU FW versions prior to 1
ghsa_unreviewed·2023-07-06
CVE-2022-3186 [HIGH] CWE-284 GHSA-84p2-3q54-pcv7: Dataprobe iBoot-PDU FW versions prior to 1
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
CISA ICS
Dataprobe iBoot-PDU (Update A)
cisa_ics·2022-09-20·CVSS 9.8
[CRITICAL] Dataprobe iBoot-PDU (Update A)
ICS Advisory
##
Dataprobe iBoot-PDU (Update A)
Last RevisedMay 04, 2023
Alert CodeICSA-22-263-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dataprobe
- Equipment: iBoot-PDU FW
- Vulnerabilities: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, SSRF, Stack-Based Buffer Overflow, Use of Weak Credentials, Plaintext Storage of a Password, Authentication Bypass Using an Alternate Path or Channel
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the IC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-21
Published