CVE-2022-3186 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2022-3186?

CVE-2022-3186 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3186?

Check the references section above for vendor advisories and patch information. Affected products include: Dataprobe Iboot-Pdu4-N20 Firmware, Dataprobe Iboot-Pdu4-N20, Dataprobe Iboot-Pdu4Sa-N15 Firmware, Dataprobe Iboot-Pdu4Sa-N15, Dataprobe Iboot-Pdu4A-N15 Firmware.

Vulnerability Description

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dataprobe	Iboot-Pdu4-N20 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu4-N20	-
Dataprobe	Iboot-Pdu4Sa-N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu4Sa-N15	-
Dataprobe	Iboot-Pdu4A-N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu4A-N15	-
Dataprobe	Iboot-Pdu4Sa-N20 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu4Sa-N20	-
Dataprobe	Iboot-Pdu4A-N20 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu4A-N20	-
Dataprobe	Iboot-Pdu8Sa-N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu8Sa-N15	-
Dataprobe	Iboot-Pdu8A-N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu8A-N15	-
Dataprobe	Iboot-Pdu8Sa-2N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu8Sa-2N15	-
Dataprobe	Iboot-Pdu8A-2N15 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu8A-2N15	-
Dataprobe	Iboot-Pdu8Sa-N20 Firmware	< 1.42.06162022
Dataprobe	Iboot-Pdu8Sa-N20	-

Related Weaknesses (CWE)

CWE-284

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03PatchThird Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-3186?

CVE-2022-3186 is a vulnerability with a CVSS score of 8.6 (HIGH). Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature en...

How severe is CVE-2022-3186?

CVE-2022-3186 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3186?

Check the references section above for vendor advisories and patch information. Affected products include: Dataprobe Iboot-Pdu4-N20 Firmware, Dataprobe Iboot-Pdu4-N20, Dataprobe Iboot-Pdu4Sa-N15 Firmware, Dataprobe Iboot-Pdu4Sa-N15, Dataprobe Iboot-Pdu4A-N15 Firmware.