CVE-2022-3186

moderate-risk
Published 2022-12-21

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (12)

Iboot-Pdu4-N20 Firmware
Iboot-Pdu4Sa-N15 Firmware
Iboot-Pdu4A-N15 Firmware
Iboot-Pdu4Sa-N20 Firmware
Iboot-Pdu4A-N20 Firmware
Iboot-Pdu8Sa-N15 Firmware
Iboot-Pdu8A-N15 Firmware
Iboot-Pdu8Sa-2N15 Firmware
Iboot-Pdu8A-2N15 Firmware
Iboot-Pdu8Sa-N20 Firmware
Iboot-Pdu8A-N20 Firmware
Iboot-Pdu8A-2N20 Firmware

Affected Vendors

Dataprobe

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
47
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate