PT-2022-20960 · Dataprobe · Dataprobe Iboot Pdu
Claroty Research
Published: 2022-12-21
Updated: 2023-07-21
CVE-2022-3186
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022
Description
The affected product allows an attacker to access the device's main management page from the cloud. This feature enables users to connect to devices remotely; however, the current implementation permits users to access other devices' information.
Recommendations
For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's main management page from the cloud until a patch is applied.
Fix
Improper Access Control
Affected Products
Dataprobe Iboot Pdu