PT-2022-20976 · Dataprobe · Dataprobe Iboot Pdu
Claroty Research +1 · Published 2022-09-21 · Updated 2022-12-28
CVE-2022-3189
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022
Description
The issue allows a specially crafted PHP script to use parameters from an HTTP request to build a URL that changes the host parameter. The changed host parameter in the HTTP request could point to another host, which will send a request to the host or IP address specified in the changed host parameter.
Recommendations
For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request parameters to minimize the risk of exploitation.
Fix
SSRF
Affected Products
Dataprobe Iboot Pdu