Search criteria
33 vulnerabilities found for iboot-pdu8a-2c10_firmware by dataprobe
FKIE_CVE-2023-3263
Vulnerability from fkie_nvd - Published: 2023-08-14 05:15 - Updated: 2024-11-21 08:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution."
}
],
"id": "CVE-2023-3263",
"lastModified": "2024-11-21T08:16:49.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T05:15:09.833",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-289"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3264
Vulnerability from fkie_nvd - Published: 2023-08-14 05:15 - Updated: 2024-11-21 08:16
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "054765FB-5866-4141-A0F3-F4A3BCAB7C15",
"versionEndExcluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u00a0A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"id": "CVE-2023-3264",
"lastModified": "2024-11-21T08:16:49.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T05:15:09.910",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3262
Vulnerability from fkie_nvd - Published: 2023-08-14 04:15 - Updated: 2024-11-21 08:16
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"id": "CVE-2023-3262",
"lastModified": "2024-11-21T08:16:49.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T04:15:11.043",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3259
Vulnerability from fkie_nvd - Published: 2023-08-14 04:15 - Updated: 2024-11-21 08:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the \"iBootPduSiteAuth\" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information"
}
],
"id": "CVE-2023-3259",
"lastModified": "2024-11-21T08:16:48.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T04:15:10.417",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3261
Vulnerability from fkie_nvd - Published: 2023-08-14 04:15 - Updated: 2024-11-21 08:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "054765FB-5866-4141-A0F3-F4A3BCAB7C15",
"versionEndExcluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server."
}
],
"id": "CVE-2023-3261",
"lastModified": "2024-11-21T08:16:49.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T04:15:10.940",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3260
Vulnerability from fkie_nvd - Published: 2023-08-14 04:15 - Updated: 2024-11-21 08:16
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyberpower:powerpanel_server:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "054765FB-5866-4141-A0F3-F4A3BCAB7C15",
"versionEndExcluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75AF2211-53B1-4F67-8297-5594354ECEE0",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C45633-4466-4DA1-87BC-668E97C903B9",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFF66D-7D0E-4D88-A03F-3F2A1A6796B7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E21D0F-14EE-4B5F-B88C-AEA69F218751",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2EB4DE-CA66-4D74-BCCE-EDDC4FB2CFD7",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9C4427-9857-4E60-8D72-20428271E6FC",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "828F1A3D-19FD-4304-86CC-422E6A36FA94",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62E22AE5-1F67-458A-A15E-D97ECBA22192",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2580B4F-179A-4AEB-9761-700DC2D9D21E",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "945D8983-5B68-4317-A481-0F1672939CAB",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E279B412-EE14-419E-A5C8-71CE9A2007A5",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED62B20-FBF2-43B0-AB69-9301CBB2BA23",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB3A4AF-E802-420F-80EE-A3E89D862CD2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169B8589-3268-4D47-9947-D2353E05EDFE",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1518F9D6-DFB2-4A24-947A-C7B03DBE0D3A",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF27BF0A-3105-4508-9F9D-5B7AAFC6BFD4",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2568F56-2285-4D3F-ADD2-0D502774F9CF",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A8BB2-BBDF-41AB-AFFD-40A42C40DC30",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5FD0-5677-4219-85B8-C797BD4246A2",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA54E12D-29DD-448A-B9DB-62449DBEC68F",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C50080-1D24-4D2D-A0DF-AF7D80FFD513",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD655BA7-113E-4071-832E-8ECB38F10E14",
"versionEndExcluding": "1.44.0804202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
}
],
"id": "CVE-2023-3260",
"lastModified": "2024-11-21T08:16:49.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T04:15:10.830",
"references": [
{
"source": "trellixpsirt@trellix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "trellixpsirt@trellix.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-46738
Vulnerability from fkie_nvd - Published: 2023-05-22 23:15 - Updated: 2024-11-21 07:30
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EF4F49-FCB7-44C8-BC83-8A3519807338",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FD2A-0422-4778-812F-EBCDF19A1253",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4192B-D9F4-4886-BDDE-5859A89B6221",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64CD7F9-D8BB-4717-90B5-FBFE01B00CB5",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB49899D-165E-4B57-A3F5-D6ADDD138E12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E032CC0E-0E19-490A-B3A2-5BA82DA52FC0",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9621CA-4AC7-4BA5-940D-E76E795502A2",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AB74D-DFDD-4B8F-9AFB-158E8C09A6F4",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF765E11-57A1-444F-840B-321944679F4B",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AD7C27-EFF5-4302-9B7F-0AFF190F1893",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin."
}
],
"id": "CVE-2022-46738",
"lastModified": "2024-11-21T07:30:59.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-22T23:15:09.350",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified"
}
FKIE_CVE-2022-47311
Vulnerability from fkie_nvd - Published: 2023-05-22 23:15 - Updated: 2024-11-21 07:31
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EF4F49-FCB7-44C8-BC83-8A3519807338",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FD2A-0422-4778-812F-EBCDF19A1253",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4192B-D9F4-4886-BDDE-5859A89B6221",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64CD7F9-D8BB-4717-90B5-FBFE01B00CB5",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB49899D-165E-4B57-A3F5-D6ADDD138E12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E032CC0E-0E19-490A-B3A2-5BA82DA52FC0",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9621CA-4AC7-4BA5-940D-E76E795502A2",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AB74D-DFDD-4B8F-9AFB-158E8C09A6F4",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF765E11-57A1-444F-840B-321944679F4B",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AD7C27-EFF5-4302-9B7F-0AFF190F1893",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection."
}
],
"id": "CVE-2022-47311",
"lastModified": "2024-11-21T07:31:42.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-22T23:15:09.423",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified"
}
FKIE_CVE-2022-46658
Vulnerability from fkie_nvd - Published: 2023-05-22 23:15 - Updated: 2024-11-21 07:30
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EF4F49-FCB7-44C8-BC83-8A3519807338",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FD2A-0422-4778-812F-EBCDF19A1253",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4192B-D9F4-4886-BDDE-5859A89B6221",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64CD7F9-D8BB-4717-90B5-FBFE01B00CB5",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB49899D-165E-4B57-A3F5-D6ADDD138E12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E032CC0E-0E19-490A-B3A2-5BA82DA52FC0",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9621CA-4AC7-4BA5-940D-E76E795502A2",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AB74D-DFDD-4B8F-9AFB-158E8C09A6F4",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF765E11-57A1-444F-840B-321944679F4B",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AD7C27-EFF5-4302-9B7F-0AFF190F1893",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution."
}
],
"id": "CVE-2022-46658",
"lastModified": "2024-11-21T07:30:51.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-22T23:15:09.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified"
}
FKIE_CVE-2022-47320
Vulnerability from fkie_nvd - Published: 2023-05-22 23:15 - Updated: 2024-11-21 07:31
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EF4F49-FCB7-44C8-BC83-8A3519807338",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FD2A-0422-4778-812F-EBCDF19A1253",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4192B-D9F4-4886-BDDE-5859A89B6221",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64CD7F9-D8BB-4717-90B5-FBFE01B00CB5",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB49899D-165E-4B57-A3F5-D6ADDD138E12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E032CC0E-0E19-490A-B3A2-5BA82DA52FC0",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9621CA-4AC7-4BA5-940D-E76E795502A2",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AB74D-DFDD-4B8F-9AFB-158E8C09A6F4",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF765E11-57A1-444F-840B-321944679F4B",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AD7C27-EFF5-4302-9B7F-0AFF190F1893",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The iBoot device\u2019s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes."
}
],
"id": "CVE-2022-47320",
"lastModified": "2024-11-21T07:31:42.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-22T23:15:09.493",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified"
}
FKIE_CVE-2022-4945
Vulnerability from fkie_nvd - Published: 2023-05-22 22:15 - Updated: 2024-11-21 07:36
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EF4F49-FCB7-44C8-BC83-8A3519807338",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12B9705B-B21D-450B-A62B-933DC81A19E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FD2A-0422-4778-812F-EBCDF19A1253",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B2F4-6586-4E05-BDE9-DFDBA7BD3739",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC4192B-D9F4-4886-BDDE-5859A89B6221",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBA453E-67D9-4760-89A6-6CF8C632C6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64CD7F9-D8BB-4717-90B5-FBFE01B00CB5",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5042C3C1-3964-437B-98C1-0458F73B7197",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB49899D-165E-4B57-A3F5-D6ADDD138E12",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD2B738-620D-42F8-881C-A6B293B724BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E032CC0E-0E19-490A-B3A2-5BA82DA52FC0",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C46D12-6699-4BAC-AC47-7B150AECAF9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9621CA-4AC7-4BA5-940D-E76E795502A2",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1139B205-02DA-4155-897C-F5D4191686A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0AB74D-DFDD-4B8F-9AFB-158E8C09A6F4",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BFD7F-0EDC-4CA0-9BEE-2CD0C83CAA05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2c10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF765E11-57A1-444F-840B-321944679F4B",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2c10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518EE433-9E08-40FE-90F7-48E8AC934743",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-c20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AD7C27-EFF5-4302-9B7F-0AFF190F1893",
"versionEndExcluding": "1.42.06162022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-c20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1522EB30-AB31-47E3-B2EB-90CE231C284B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user\u0027s cloud."
}
],
"id": "CVE-2022-4945",
"lastModified": "2024-11-21T07:36:18.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-22T22:15:09.870",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified"
}
CVE-2023-3264 (GCVE-0-2023-3264)
Vulnerability from cvelistv5 – Published: 2023-08-14 04:05 – Updated: 2024-10-09 14:40
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Credits
Sam Quinn
Jesse Chick
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:40:43.915488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:40:56.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"status": "affected",
"version": "v2.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jesse Chick"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u0026nbsp;A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u00a0A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:03:24.641Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3264",
"datePublished": "2023-08-14T04:05:58.124Z",
"dateReserved": "2023-06-15T06:50:29.804Z",
"dateUpdated": "2024-10-09T14:40:56.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3263 (GCVE-0-2023-3263)
Vulnerability from cvelistv5 – Published: 2023-08-14 04:02 – Updated: 2024-10-09 14:44
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
Severity ?
7.5 (High)
CWE
- CWE-289 - Authentication Bypass by Alternate Name
Assigner
References
Impacted products
Credits
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"lessThanOrEqual": "1.43.03312023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:41:13.535050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:44:21.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution."
}
],
"impacts": [
{
"capecId": "CAPEC-421",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-421 Influence Perception of Authority"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-289",
"description": "CWE-289: Authentication Bypass by Alternate Name",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T04:02:55.740Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3263",
"datePublished": "2023-08-14T04:02:55.740Z",
"dateReserved": "2023-06-15T06:50:27.340Z",
"dateUpdated": "2024-10-09T14:44:21.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3262 (GCVE-0-2023-3262)
Vulnerability from cvelistv5 – Published: 2023-08-14 03:59 – Updated: 2024-10-09 14:45
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Credits
Jesse Chick
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"lessThanOrEqual": "1.43.03312023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:44:44.532455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:45:31.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jesse Chick "
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:09:31.582Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3262",
"datePublished": "2023-08-14T03:59:51.212Z",
"dateReserved": "2023-06-15T06:50:25.309Z",
"dateUpdated": "2024-10-09T14:45:31.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3261 (GCVE-0-2023-3261)
Vulnerability from cvelistv5 – Published: 2023-08-14 03:53 – Updated: 2024-10-09 14:46
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
Credits
Sam Quinn
Douglas McKee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:45:59.188449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:46:12.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Douglas McKee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:07:39.859Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3261",
"datePublished": "2023-08-14T03:53:59.429Z",
"dateReserved": "2023-06-15T06:50:23.491Z",
"dateUpdated": "2024-10-09T14:46:12.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3260 (GCVE-0-2023-3260)
Vulnerability from cvelistv5 – Published: 2023-08-14 03:51 – Updated: 2024-10-09 13:23
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Credits
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:23:26.885656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:23:37.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThan": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:06:44.868Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3260",
"datePublished": "2023-08-14T03:51:52.015Z",
"dateReserved": "2023-06-15T06:50:21.260Z",
"dateUpdated": "2024-10-09T13:23:37.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3259 (GCVE-0-2023-3259)
Vulnerability from cvelistv5 – Published: 2023-08-14 03:49 – Updated: 2024-10-09 13:30
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Credits
Philippe Laulheret
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"status": "affected",
"version": "1.43.03312023"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:25:23.948360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:30:19.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Philippe Laulheret"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the \"iBootPduSiteAuth\" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information"
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the \"iBootPduSiteAuth\" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T03:49:59.889Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3259",
"datePublished": "2023-08-14T03:49:59.889Z",
"dateReserved": "2023-06-15T06:48:44.547Z",
"dateUpdated": "2024-10-09T13:30:19.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46658 (GCVE-0-2022-46658)
Vulnerability from cvelistv5 – Published: 2023-05-22 22:46 – Updated: 2025-01-16 21:32
VLAI?
Summary
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:20:57.839826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:18.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:47:02.167Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46658",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46658"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46658",
"datePublished": "2023-05-22T22:46:13.216Z",
"dateReserved": "2022-12-21T17:02:52.840Z",
"dateUpdated": "2025-01-16T21:32:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46738 (GCVE-0-2022-46738)
Vulnerability from cvelistv5 – Published: 2023-05-22 22:36 – Updated: 2025-01-16 21:32
VLAI?
Summary
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:55:23.679981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:24.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:36:40.682Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46738",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46738"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46738",
"datePublished": "2023-05-22T22:36:40.682Z",
"dateReserved": "2022-12-21T17:02:52.835Z",
"dateUpdated": "2025-01-16T21:32:24.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47320 (GCVE-0-2022-47320)
Vulnerability from cvelistv5 – Published: 2023-05-22 22:30 – Updated: 2025-01-16 21:32
VLAI?
Summary
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
Severity ?
8.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:30:04.571383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:32.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The iBoot device\u2019s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:30:59.073Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-47320",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-47320"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-47320",
"datePublished": "2023-05-22T22:30:59.073Z",
"dateReserved": "2022-12-21T17:02:52.826Z",
"dateUpdated": "2025-01-16T21:32:32.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47311 (GCVE-0-2022-47311)
Vulnerability from cvelistv5 – Published: 2023-05-22 22:12 – Updated: 2025-01-16 21:32
VLAI?
Summary
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.
Severity ?
8.5 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:21:00.772667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:39.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:12:51.152Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-47311",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-47311"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-47311",
"datePublished": "2023-05-22T22:12:51.152Z",
"dateReserved": "2022-12-21T17:02:52.831Z",
"dateUpdated": "2025-01-16T21:32:39.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3264 (GCVE-0-2023-3264)
Vulnerability from nvd – Published: 2023-08-14 04:05 – Updated: 2024-10-09 14:40
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Credits
Sam Quinn
Jesse Chick
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:40:43.915488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:40:56.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"status": "affected",
"version": "v2.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jesse Chick"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u0026nbsp;A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u00a0A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:03:24.641Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3264",
"datePublished": "2023-08-14T04:05:58.124Z",
"dateReserved": "2023-06-15T06:50:29.804Z",
"dateUpdated": "2024-10-09T14:40:56.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3263 (GCVE-0-2023-3263)
Vulnerability from nvd – Published: 2023-08-14 04:02 – Updated: 2024-10-09 14:44
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
Severity ?
7.5 (High)
CWE
- CWE-289 - Authentication Bypass by Alternate Name
Assigner
References
Impacted products
Credits
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"lessThanOrEqual": "1.43.03312023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:41:13.535050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:44:21.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution."
}
],
"impacts": [
{
"capecId": "CAPEC-421",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-421 Influence Perception of Authority"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-289",
"description": "CWE-289: Authentication Bypass by Alternate Name",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T04:02:55.740Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3263",
"datePublished": "2023-08-14T04:02:55.740Z",
"dateReserved": "2023-06-15T06:50:27.340Z",
"dateUpdated": "2024-10-09T14:44:21.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3262 (GCVE-0-2023-3262)
Vulnerability from nvd – Published: 2023-08-14 03:59 – Updated: 2024-10-09 14:45
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Credits
Jesse Chick
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"lessThanOrEqual": "1.43.03312023",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:44:44.532455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:45:31.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jesse Chick "
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:09:31.582Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3262",
"datePublished": "2023-08-14T03:59:51.212Z",
"dateReserved": "2023-06-15T06:50:25.309Z",
"dateUpdated": "2024-10-09T14:45:31.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3261 (GCVE-0-2023-3261)
Vulnerability from nvd – Published: 2023-08-14 03:53 – Updated: 2024-10-09 14:46
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
Credits
Sam Quinn
Douglas McKee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:45:59.188449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:46:12.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Douglas McKee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:07:39.859Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3261",
"datePublished": "2023-08-14T03:53:59.429Z",
"dateReserved": "2023-06-15T06:50:23.491Z",
"dateUpdated": "2024-10-09T14:46:12.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3260 (GCVE-0-2023-3260)
Vulnerability from nvd – Published: 2023-08-14 03:51 – Updated: 2024-10-09 13:23
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Credits
Sam Quinn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:23:26.885656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:23:37.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThan": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Quinn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T05:06:44.868Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3260",
"datePublished": "2023-08-14T03:51:52.015Z",
"dateReserved": "2023-06-15T06:50:21.260Z",
"dateUpdated": "2024-10-09T13:23:37.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3259 (GCVE-0-2023-3259)
Vulnerability from nvd – Published: 2023-08-14 03:49 – Updated: 2024-10-09 13:30
VLAI?
Summary
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Credits
Philippe Laulheret
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dataprobe:iboot_pdu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "iboot_pdu",
"vendor": "dataprobe",
"versions": [
{
"status": "affected",
"version": "1.43.03312023"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:25:23.948360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:30:19.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iBoot PDU",
"vendor": "Dataprobe",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.43.03312023",
"status": "affected",
"version": "1.43.03312023",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Philippe Laulheret"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the \"iBootPduSiteAuth\" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information"
}
],
"value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the \"iBootPduSiteAuth\" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T03:49:59.889Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2023-3259",
"datePublished": "2023-08-14T03:49:59.889Z",
"dateReserved": "2023-06-15T06:48:44.547Z",
"dateUpdated": "2024-10-09T13:30:19.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46658 (GCVE-0-2022-46658)
Vulnerability from nvd – Published: 2023-05-22 22:46 – Updated: 2025-01-16 21:32
VLAI?
Summary
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:20:57.839826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:18.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:47:02.167Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46658",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46658"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46658",
"datePublished": "2023-05-22T22:46:13.216Z",
"dateReserved": "2022-12-21T17:02:52.840Z",
"dateUpdated": "2025-01-16T21:32:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46738 (GCVE-0-2022-46738)
Vulnerability from nvd – Published: 2023-05-22 22:36 – Updated: 2025-01-16 21:32
VLAI?
Summary
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:55:23.679981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:24.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:36:40.682Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46738",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46738"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46738",
"datePublished": "2023-05-22T22:36:40.682Z",
"dateReserved": "2022-12-21T17:02:52.835Z",
"dateUpdated": "2025-01-16T21:32:24.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47320 (GCVE-0-2022-47320)
Vulnerability from nvd – Published: 2023-05-22 22:30 – Updated: 2025-01-16 21:32
VLAI?
Summary
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
Severity ?
8.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dataprobe, Inc. | Dataprobe iBoot-PDU FW |
Affected:
0 , < 1.42.06162022
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"tags": [
"x_transferred"
],
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:30:04.571383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:32:32.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dataprobe iBoot-PDU FW",
"vendor": "Dataprobe, Inc.",
"versions": [
{
"lessThan": "1.42.06162022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The iBoot device\u2019s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T22:30:59.073Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03"
},
{
"url": "https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-47320",
"x_generator": {
"engine": "VINCE 2.1.1",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-47320"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-47320",
"datePublished": "2023-05-22T22:30:59.073Z",
"dateReserved": "2022-12-21T17:02:52.826Z",
"dateUpdated": "2025-01-16T21:32:32.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}