CVE-2022-3186

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.6
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 - Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 - Patch, Third Party Advisory, US Government Resource

07 Nov 2023, 03:50

Type Values Removed Values Added
Summary Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.

21 Jul 2023, 19:25

Type Values Removed Values Added
CWE CWE-284 NVD-CWE-Other

Information

Published : 2022-12-21 23:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3186

Mitre link : CVE-2022-3186

CVE.ORG link : CVE-2022-3186


JSON object : View

Products Affected

dataprobe

  • iboot-pdu4-n20
  • iboot-pdu8a-n15
  • iboot-pdu4sa-n20
  • iboot-pdu4sa-n15_firmware
  • iboot-pdu8sa-n15
  • iboot-pdu8a-n15_firmware
  • iboot-pdu4-n20_firmware
  • iboot-pdu8a-2n20
  • iboot-pdu4a-n15_firmware
  • iboot-pdu8sa-2n15
  • iboot-pdu8a-2n15
  • iboot-pdu8sa-2n15_firmware
  • iboot-pdu4a-n15
  • iboot-pdu4a-n20
  • iboot-pdu8sa-n15_firmware
  • iboot-pdu8a-n20
  • iboot-pdu8a-2n15_firmware
  • iboot-pdu8a-n20_firmware
  • iboot-pdu8sa-n20_firmware
  • iboot-pdu4a-n20_firmware
  • iboot-pdu4sa-n15
  • iboot-pdu8sa-n20
  • iboot-pdu8a-2n20_firmware
  • iboot-pdu4sa-n20_firmware
CWE
CWE-284

Improper Access Control

NVD-CWE-Other