CVE-2022-3186

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03	Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:19

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 - Patch, Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 - Patch, Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6
Summary		(es) Las versiones de firmware de Dataprobe iBoot-PDU anteriores a la 1.42.06162022 contienen una vulnerabilidad en la que el producto afectado permite a un atacante acceder a la página de administración principal del dispositivo desde la nube. Esta característica permite a los usuarios conectar dispositivos de forma remota; sin embargo, la implementación actual permite a los usuarios acceder a la información de otros dispositivos.

Information

Published : 2022-12-21 23:15

Updated : 2024-11-21 07:19

NVD link : CVE-2022-3186

Mitre link : CVE-2022-3186

CVE.ORG link : CVE-2022-3186

JSON object : View

Products Affected

dataprobe

iboot-pdu4a-n20_firmware
iboot-pdu8sa-n20
iboot-pdu8a-n15
iboot-pdu8sa-n15
iboot-pdu4a-n15_firmware
iboot-pdu8a-2n15
iboot-pdu4-n20_firmware
iboot-pdu8a-2n15_firmware
iboot-pdu4-n20
iboot-pdu4sa-n20_firmware
iboot-pdu8a-2n20
iboot-pdu8sa-2n15_firmware
iboot-pdu8a-n15_firmware
iboot-pdu4sa-n20
iboot-pdu4sa-n15
iboot-pdu8a-n20_firmware
iboot-pdu8sa-n15_firmware
iboot-pdu8a-n20
iboot-pdu8sa-2n15
iboot-pdu4a-n20
iboot-pdu8a-2n20_firmware
iboot-pdu4sa-n15_firmware
iboot-pdu4a-n15
iboot-pdu8sa-n20_firmware

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

8.6 /10