5.3
CVE-2022-3187
- EPSS 0.14%
- Veröffentlicht 21.12.2022 23:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:00
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dataprobe ≫ Iboot-pdu4-n20 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu4sa-n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu4a-n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu4sa-n20 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu4a-n20 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8sa-n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8a-n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8sa-2n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8a-2n15 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8sa-n20 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8a-n20 Firmware Version < 1.42.06162022
Dataprobe ≫ Iboot-pdu8a-2n20 Firmware Version < 1.42.06162022
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.344 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| ics-cert@hq.dhs.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.