Critical Vulnerabilities in Dataprobe iBoot-PDU Power Distribution Units
Summary
Dataprobe has released firmware updates to address several critical and high-severity vulnerabilities in iBoot-PDU power distribution units.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Dataprobe has released a firmware security update to address seven vulnerabilities in its iBoot-PDU power distribution unit operating system. The vulnerabilities CVE-2022-3183 and CVE-2022-3184 relate to operating system command injection and path traversal, and both are rated 9.8 on the CVSSv3 scale.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Remediation advice
Affected organisations are encouraged to review the iBoot-PDU support page and apply the necessary updates or workarounds.
Dataprobe also recommends disabling SNMP if it is not in use.
Remediation steps
| Type | Step |
|---|---|
| Patch | iBoot-PDU Firmware Update Version 1.42.06162022 https://dataprobe.com/support-iboot-pdu/ |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 22 September 2022 12:48 pm