CVE-2022-47311

Summary

A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.

Affected Software

VendorProductVersion RangeStatus
Dataprobe, Inc.Dataprobe iBoot-PDU FW0 < 1.42.06162022affected

Weaknesses

  • CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References