cbcvebase.
CVE-2022-3189
published 2022-12-21

CVE-2022-3189: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to…

PriorityP427medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.48%
38.1th percentile
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter.

Affected

13 ranges
VendorProductVersion rangeFixed in
dataprobeiboot-pdu4-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4a-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4a-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4sa-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu4sa-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-2n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-2n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8a-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-2n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-n15_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu8sa-n20_firmware< 1.42.061620221.42.06162022
dataprobeiboot-pdu_fw<= 1.42.06162022
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.