Lucene search

IcscertCVELIST:CVE-2022-46738

HistoryMay 22, 2023 - 10:36 p.m.

CVE-2022-46738 CVE-2022-46738

2023-05-2222:36:40

icscert

www.cve.org

cve-2022-46738

sensitive data

snmp

admin login

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.

CNA Affected

[
  {
    "vendor": "Dataprobe, Inc.",
    "product": "Dataprobe iBoot-PDU FW",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.42.06162022",
        "versionType": "custom"
      }
    ]
  }
]

References

dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf

www.cisa.gov/news-events/ics-advisories/icsa-22-263-03

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVELIST:CVE-2022-46738