
Critical Vulnerabilities in Dataprobe iBoot-PDU Power Distribution Units

Summary

Dataprobe has released firmware updates to address several critical and high-severity vulnerabilities in iBoot-PDU power distribution units.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Dataprobe has released a firmware security update to address seven vulnerabilities in their iBoot-PDU power distribution unit operating system. The vulnerabilities CVE-2022-3183 and CVE-2022-3184 relate to operating system command injection and path traversal, and both are rated as 9.8 on the CVSSv3 scale.

A remote attacker could exploit some of these vulnerabilities to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the iBoot-PDU support page and apply the necessary updates or workarounds.

Dataprobe also recommends disabling SNMP if it is not in use.


Remediation steps

Type: Patch
Step: iBoot-PDU Firmware Update Version 1.42.06162022
https://dataprobe.com/support-iboot-pdu/


Last edited: 22 September 2022 12:48 pm