CVE-2022-46658
published 2023-05-22CVE-2022-46658: The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
PriorityP354critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.23%
65.2th percentile
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dataprobe | iboot-pdu4-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe_inc | dataprobe_iboot-pdu_fw | < 1.42.06162022 | 1.42.06162022 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wx8f-hp3p-f4v8: The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution
ghsa_unreviewed·2023-05-23
CVE-2022-46658 [CRITICAL] CWE-121 GHSA-wx8f-hp3p-f4v8: The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
CISA ICS
Dataprobe iBoot-PDU (Update A)
cisa_ics·2022-09-20·CVSS 9.8
[CRITICAL] Dataprobe iBoot-PDU (Update A)
ICS Advisory
##
Dataprobe iBoot-PDU (Update A)
Last RevisedMay 04, 2023
Alert CodeICSA-22-263-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dataprobe
- Equipment: iBoot-PDU FW
- Vulnerabilities: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, SSRF, Stack-Based Buffer Overflow, Use of Weak Credentials, Plaintext Storage of a Password, Authentication Bypass Using an Alternate Path or Channel
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the IC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-22
Published