CVE-2022-3184

Published: Dic 21, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-42601 Aliases: GSD-2022-3184
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0210
Percentile
0,8th
Updated

EPSS Score Trend (Last 91 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Iboot-Pdu4-N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu4-N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu4A-N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu4A-N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8A-2N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8A-2N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu4Sa-N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu4Sa-N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8Sa-N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8Sa-N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu4A-N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu4A-N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu4Sa-N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu4Sa-N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8A-N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8A-N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8Sa-2N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8Sa-2N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8Sa-N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8Sa-N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8A-2N15 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8A-2N15 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Iboot-Pdu8A-N20 Firmware by Dataprobe

Product Information
Vendor Dataprobe
Product Iboot-Pdu8A-N20 Firmware
Version Range Affected
To 1.42.06162022 (exclusive)
cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03