{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3188", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-09-12T20:23:20.070Z", "datePublished": "2022-12-21T22:30:19.937Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "iBoot-PDU FW", "vendor": "Dataprobe", "versions": [{"lessThanOrEqual": "1.42.06162022", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Uri Katz"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Research"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">where u</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">nauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.</span>\n\n </span>\n\n</p>"}], "value": "Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability\u00a0where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.\n\n \n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-21T22:30:19.937Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Dataprobe has released the following version update to mitigate these vulnerabilities:</p><ul><li>iBoot-PDU FW: <a target=\"_blank\" rel=\"nofollow\" href=\"https://dataprobe.com/support-iboot-pdu/\">Version 1.42.06162022</a></li></ul><p>Dataprobe also recommends users to disable the SNMP if it is not in use. </p>\n\n<br>"}], "value": "\nDataprobe has released the following version update to mitigate these vulnerabilities:\n\n * iBoot-PDU FW: Version 1.42.06162022 https://dataprobe.com/support-iboot-pdu/ \n\n\nDataprobe also recommends users to disable the SNMP if it is not in use. \n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability\u00a0where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.\n\n \n\n\n\n"}, {"lang": "es", "value": "Las versiones de firmware de Dataprobe iBoot-PDU anteriores a 1.42.06162022 contienen una vulnerabilidad por la que usuarios no autenticados pod\u00edan abrir p\u00e1ginas de \u00edndice PHP sin autenticaci\u00f3n y descargar el archivo hist\u00f3rico del dispositivo; el archivo de historial incluye las \u00faltimas acciones completadas por usuarios espec\u00edficos."}], "id": "CVE-2022-3188", "lastModified": "2023-11-07T03:50:57.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-21T23:15:09.887", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}