cbcvebase.
CVE-2022-3188
published 2022-12-21

CVE-2022-3188: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication…

PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.52%
40.0th percentile
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.

Affected

13 ranges
VendorProductVersion rangeFixed in
dataprobeiboot-pdu4-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4a-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4a-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4sa-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4sa-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-2n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-2n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-2n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu_fw<= 1.42.06162022
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.