CVE-2022-3188
Published: 21 December 2022
Summary
CVE-2022-3188 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in Dataprobe iBoot-PDU4-N20 firmware. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks at the 35.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42605
Vulnerability details
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.
- A small, testable reference monitor reduces the likelihood of incorrect authorization implementations.
- Auditing sessions makes it possible to detect access to critical functions without the required authentication.
- The assessment process confirms that authentication is present and effective for critical functions, preventing exploitation from missing authentication.
- Certification assesses that critical functions have the required authentication controls in place.
- Centralized authorization servers reduce incorrect authorization by enforcing consistent policies.
- Policy mandates authentication and authorization for critical functions, ensuring these controls are not omitted for personnel-managed resources.
- Explicit identification of critical functions enables targeted authentication requirements, preventing missing authentication for those functions.