CVE-2022-3183

high-risk
Published 2022-12-21

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (12)

Iboot-Pdu4-N20 Firmware
Iboot-Pdu4Sa-N15 Firmware
Iboot-Pdu4A-N15 Firmware
Iboot-Pdu4Sa-N20 Firmware
Iboot-Pdu4A-N20 Firmware
Iboot-Pdu8Sa-N15 Firmware
Iboot-Pdu8A-N15 Firmware
Iboot-Pdu8Sa-2N15 Firmware
Iboot-Pdu8A-2N15 Firmware
Iboot-Pdu8Sa-N20 Firmware
Iboot-Pdu8A-N20 Firmware
Iboot-Pdu8A-2N20 Firmware

Affected Vendors

Dataprobe

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 17/34 · Moderate