CVE-2022-3184

high-risk
Published 2022-12-21

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.

Do I need to act?

~
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (12)

Iboot-Pdu4-N20 Firmware
Iboot-Pdu4Sa-N15 Firmware
Iboot-Pdu4A-N15 Firmware
Iboot-Pdu4Sa-N20 Firmware
Iboot-Pdu4A-N20 Firmware
Iboot-Pdu8Sa-N15 Firmware
Iboot-Pdu8A-N15 Firmware
Iboot-Pdu8Sa-2N15 Firmware
Iboot-Pdu8A-2N15 Firmware
Iboot-Pdu8Sa-N20 Firmware
Iboot-Pdu8A-N20 Firmware
Iboot-Pdu8A-2N20 Firmware

Affected Vendors

Dataprobe

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
55
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 17/34 · Moderate