PT-2022-20970 · Dataprobe · Dataprobe Iboot Pdu
Claroty Research +1 · Published 2022-12-21 · Updated 2022-12-28 · CVE-2022-3188
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022
Description
The issue allows unauthenticated users to open PHP index pages and download the history file from the device. The history file includes the latest actions completed by specific users.
Recommendations
For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve the issue. As a temporary workaround, consider restricting access to PHP index pages to prevent unauthorized downloads of the history file.
Fix
Incorrect Authorization
Missing Authentication
Related Identifiers
Affected Products
Dataprobe Iboot Pdu