PT-2022-20963 · Dataprobe · Dataprobe Iboot Pdu
Claroty Research · Published 2022-12-21 · Updated 2022-12-28 · CVE-2022-3187
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022
Description
The issue arises because certain PHP pages only check that a valid connection to the database has been established and do not verify that the requesting user is valid. Because of this missing check, attackers can potentially read the state of outlets.
Recommendations
For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve the issue. As a temporary workaround, consider restricting access to the PHP pages that do not verify user validity to minimize the risk of exploitation.
Fix
Improper Authorization
Affected Products
Dataprobe Iboot Pdu