CVE-2022-3188
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
Affected (12)
Products: Dataprobe: Iboot Pdu4 N20 Firmware, Iboot Pdu4sa N15 Firmware, Iboot Pdu4a N15 Firmware, Iboot Pdu4sa N20 Firmware, Iboot Pdu4a N20 Firmware, Iboot Pdu8sa N15 Firmware, Iboot Pdu8a N15 Firmware, Iboot Pdu8sa 2n15 Firmware, Iboot Pdu8a 2n15 Firmware, Iboot Pdu8sa N20 Firmware, Iboot Pdu8a N20 Firmware, Iboot Pdu8a 2n20 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4 N20 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa N15 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a N15 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa N20 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a N20 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa N15 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a N15 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa 2n15 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2n15 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa N20 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a N20 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2n20 | All versions |
Related CWEs
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: ics-cert@hq.dhs.gov
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource
Timeline
No history available yet.