CVE-2022-47320
published 2023-05-22CVE-2022-47320: The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the…
PriorityP344high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
0.51%
39.4th percentile
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dataprobe | iboot-pdu4-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe_inc | dataprobe_iboot-pdu_fw | < 1.42.06162022 | 1.42.06162022 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9x97-7gh3-f487: The iBoot device’s basic discovery protocol assists in initial device configuration
ghsa_unreviewed·2023-07-06
CVE-2022-47320 [HIGH] CWE-288 GHSA-9x97-7gh3-f487: The iBoot device’s basic discovery protocol assists in initial device configuration
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
CISA ICS
Dataprobe iBoot-PDU (Update A)
cisa_ics·2022-09-20·CVSS 9.8
[CRITICAL] Dataprobe iBoot-PDU (Update A)
ICS Advisory
##
Dataprobe iBoot-PDU (Update A)
Last RevisedMay 04, 2023
Alert CodeICSA-22-263-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dataprobe
- Equipment: iBoot-PDU FW
- Vulnerabilities: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, SSRF, Stack-Based Buffer Overflow, Use of Weak Credentials, Plaintext Storage of a Password, Authentication Bypass Using an Alternate Path or Channel
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the IC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-22
Published