Lucene search

IcscertCVELIST:CVE-2022-3183

HistoryDec 21, 2022 - 10:24 p.m.

CVE-2022-3183

2022-12-2122:24:46

CWE-78

icscert

www.cve.org

dataprobe

iboot-pdu

firmware

vulnerability

os command injection

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "iBoot-PDU FW",
    "vendor": "Dataprobe",
    "versions": [
      {
        "lessThanOrEqual": "1.42.06162022",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-263-03

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

Related for CVELIST:CVE-2022-3183