CVE-2022-47311
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.
Affected (22)
Products: Dataprobe: Iboot Pdu4 N20 Firmware, Iboot Pdu4sa N15 Firmware, Iboot Pdu4a N15 Firmware, Iboot Pdu4sa N20 Firmware, Iboot Pdu4a N20 Firmware, Iboot Pdu8sa N15 Firmware, Iboot Pdu8a N15 Firmware, Iboot Pdu8sa 2n15 Firmware, Iboot Pdu8a 2n15 Firmware, Iboot Pdu8sa N20 Firmware, Iboot Pdu8a N20 Firmware, Iboot Pdu8a 2n20 Firmware, Iboot Pdu4 C20 Firmware, Iboot Pdu4a C10 Firmware, Iboot Pdu4sa C10 Firmware, Iboot Pdu8a C10 Firmware, Iboot Pdu8sa C10 Firmware, Iboot Pdu8a 2c20 Firmware, Iboot Pdu4sa C20 Firmware, Iboot Pdu4a C20 Firmware, Iboot Pdu8a 2c10 Firmware, Iboot Pdu8a C20 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4 N20 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa N15 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a N15 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa N20 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a N20 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa N15 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a N15 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa 2n15 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2n15 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa N20 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a N20 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2n20 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4 C20 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a C10 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa C10 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a C10 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8sa C10 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2c20 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4sa C20 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu4a C20 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a 2c10 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.42.06162022 |
| Running on/with | Platform Versions |
|---|---|
Dataprobe Iboot Pdu8a C20 | All versions |
References (4)
Source: ics-cert@hq.dhs.gov
Product
Source: ics-cert@hq.dhs.gov
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource
Timeline
No history available yet.