CVE-2022-46738
📋 TL;DR
This vulnerability in Dataprobe iBoot PDU devices exposes sensitive data via SNMP, allowing attackers to retrieve device MAC addresses and gain administrative access. It affects organizations using these power distribution units for infrastructure management. The exposure enables unauthorized control over connected equipment.
💻 Affected Systems
- Dataprobe iBoot PDU
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of power distribution infrastructure, enabling attackers to remotely power cycle critical equipment, cause physical damage, or disrupt operations through unauthorized administrative access.
Likely Case
Unauthorized administrative access to PDU devices, allowing attackers to monitor power usage, control outlets, and potentially disrupt connected equipment.
If Mitigated
Limited impact with proper network segmentation and SNMP access controls, restricting exposure to authorized management networks only.
🎯 Exploit Status
Exploitation requires only standard SNMP tools and knowledge of the vulnerable OID. No authentication needed for information disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released by Dataprobe (specific version numbers in vendor advisory)
Vendor Advisory: https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf
Restart Required: Yes
Instructions:
1. Download the latest firmware from the Dataprobe support site.
2. Back up the current configuration.
3. Upload the firmware via the web interface.
4. Apply the update and restart the device.
5. Verify the firmware version and reconfigure if necessary.
🔧 Temporary Workarounds
Disable SNMP
Disable the SNMP service on affected PDUs if it is not required for monitoring.
Web interface: Configuration > SNMP > Disable
Restrict SNMP Access
Configure SNMP access controls to limit which IP addresses can query the device.
Web interface: Configuration > SNMP > Access Control > Add allowed IP ranges
🧯 If You Can't Patch
- Network segmentation: Isolate PDUs on dedicated management VLAN with strict firewall rules
- Implement SNMPv3 with authentication and encryption instead of SNMPv1/v2c
🔍 How to Verify
Check if Vulnerable:
Run an SNMP walk against the device: snmpwalk -v2c -c public <PDU_IP> .1.3.6.1.4.1.2021 (the OID is the subtree to walk, not part of the sentence). If a MAC address or other sensitive data is returned, the device is vulnerable.
Check Version:
Web interface: Status > System Information or SNMP: snmpget -v2c -c public <PDU_IP> sysDescr.0
Verify Fix Applied:
1. Check that the firmware version matches the patched version.
2. Repeat the same SNMP query; it should return an error or no sensitive data.
3. Verify that the SNMP community strings have been changed from the defaults.
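Step 2 above compares snmpwalk output before and after the fix. The following is an added example (not from this advisory or from Dataprobe) that automates that comparison: it does not contact a device, but scans the text that snmpwalk printed for values shaped like a MAC address. The OID subtree is the one quoted on this page; the sub-OIDs and the sample output lines are constructed, and the regular expressions are assumptions about how net-snmp formats STRING and Hex-STRING values.

```python
"""Post-patch check: does snmpwalk output still expose MAC-address-like values?

Added example, not Dataprobe's code. Feed it the text produced by
    snmpwalk -v2c -c public <PDU_IP> .1.3.6.1.4.1.2021
captured before and after applying the firmware update.
"""
import re

# Colon- or dash-separated MAC as printed inside a STRING value (assumed format).
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
# Exactly six space-separated octets as printed for a Hex-STRING value (assumed format).
HEX_MAC_RE = re.compile(r"Hex-STRING:\s*((?:[0-9A-Fa-f]{2}\s+){5}[0-9A-Fa-f]{2})\s*$")

# Constructed sample of a walk taken BEFORE the fix: sub-OIDs and values are made up.
BEFORE_SAMPLE = """\
iso.3.6.1.4.1.2021.1.1.0 = STRING: "iBoot-PDU"
iso.3.6.1.4.1.2021.1.2.0 = Hex-STRING: 00 11 22 33 44 55 
iso.3.6.1.4.1.2021.1.3.0 = STRING: "00:11:22:33:44:66"
iso.3.6.1.4.1.2021.1.4.0 = Timeticks: (123456) 0:20:34.56
"""

# Constructed sample of a walk taken AFTER the fix: the subtree no longer answers.
AFTER_SAMPLE = """\
iso.3.6.1.4.1.2021.1.1.0 = STRING: "iBoot-PDU"
iso.3.6.1.4.1.2021.1.2.0 = No Such Object available on this agent at this OID
"""


def find_mac_exposures(walk_output):
    """Return (oid, value) pairs whose value looks like a MAC address."""
    hits = []
    for line in walk_output.splitlines():
        if " = " not in line:
            continue  # continuation or status line, not an OID binding
        oid, _, value = line.partition(" = ")
        value = value.strip()
        if MAC_RE.search(value) or HEX_MAC_RE.search(value):
            hits.append((oid.strip(), value))
    return hits


def is_fixed(walk_output):
    """True when no MAC-like value appears anywhere in the walk output."""
    return not find_mac_exposures(walk_output)


if __name__ == "__main__":
    for label, sample in (("before", BEFORE_SAMPLE), ("after", AFTER_SAMPLE)):
        hits = find_mac_exposures(sample)
        print(f"{label}: {'FIXED' if not hits else 'STILL EXPOSED'}")
        for oid, value in hits:
            print(f"  {oid} -> {value}")
```

Run the real walk separately and pipe its output into find_mac_exposures; an empty result after the update, together with the firmware version check in step 1, is the evidence that the fix took effect.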
📡 Detection & Monitoring
Log Indicators:
- Multiple SNMP GET requests from unauthorized sources
- Failed login attempts followed by successful admin access
- Configuration changes from unexpected IP addresses
Network Indicators:
- SNMP traffic to PDU devices from non-management networks
- Unusual SNMP query patterns targeting specific OIDs
SIEM Query:
source="PDU_Logs" AND ((event_type="SNMP_Query" AND src_ip NOT IN allowed_management_ips) OR (event_type="Admin_Login" AND user="admin" AND src_ip NOT IN expected_ips))
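The log and network indicators above, applied to sample events, as an added example that is not part of this advisory or of any Dataprobe product. The key=value log format, the field names, the management and expected-admin networks, and the sample events are all constructed assumptions; the rules implement the SIEM query plus the "failed logins followed by successful admin access" and "unusual query pattern" indicators listed above.

```python
"""Detection rules for the indicators listed on this page, run over sample log lines.

Added example, not vendor code. Assumed log format: one event per line,
space-separated key=value fields with event_type, src_ip and (for logins)
user and result fields.
"""
import ipaddress
from collections import Counter

# Assumed management network allowed to query the PDUs over SNMP.
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
# Assumed networks from which admin logins are expected.
EXPECTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Constructed sample events: one legitimate query, a burst of queries from a
# non-management host, then a failed and a successful admin login from it.
SAMPLE_LOGS = """\
ts=2024-01-01T10:00:01Z event_type=SNMP_Query src_ip=10.10.0.5 oid=.1.3.6.1.2.1.1.1.0
ts=2024-01-01T10:00:02Z event_type=SNMP_Query src_ip=192.168.50.7 oid=.1.3.6.1.4.1.2021.1
ts=2024-01-01T10:00:03Z event_type=SNMP_Query src_ip=192.168.50.7 oid=.1.3.6.1.4.1.2021.2
ts=2024-01-01T10:00:04Z event_type=SNMP_Query src_ip=192.168.50.7 oid=.1.3.6.1.4.1.2021.3
ts=2024-01-01T10:00:05Z event_type=Admin_Login user=admin result=failure src_ip=192.168.50.7
ts=2024-01-01T10:00:06Z event_type=Admin_Login user=admin result=success src_ip=192.168.50.7
ts=2024-01-01T10:00:07Z event_type=Admin_Login user=admin result=success src_ip=10.10.0.5
"""


def parse_line(line):
    """Split a key=value log line into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def in_nets(ip, nets):
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def detect(log_text, snmp_burst_threshold=3):
    """Return (rule_name, src_ip) alerts in the order they fire."""
    alerts = []
    snmp_by_src = Counter()   # queries per unauthorized source
    last_failed = {}          # src_ip -> previous admin login from it failed
    for line in log_text.splitlines():
        ev = parse_line(line)
        et, src = ev.get("event_type"), ev.get("src_ip")
        if not et or not src:
            continue
        if et == "SNMP_Query":
            if not in_nets(src, ALLOWED_MGMT_NETS):
                # SIEM query clause 1: SNMP from outside the management network.
                alerts.append(("snmp_from_unauthorized_source", src))
                snmp_by_src[src] += 1
                # Network indicator: repeated queries from one unauthorized host.
                if snmp_by_src[src] == snmp_burst_threshold:
                    alerts.append(("snmp_query_burst", src))
        elif et == "Admin_Login" and ev.get("user") == "admin":
            result = ev.get("result")
            if result == "failure":
                last_failed[src] = True
            elif result == "success":
                # SIEM query clause 2: admin login from an unexpected address.
                if not in_nets(src, EXPECTED_ADMIN_NETS):
                    alerts.append(("admin_login_unexpected_ip", src))
                # Log indicator: failed attempts followed by successful admin access.
                if last_failed.get(src):
                    alerts.append(("admin_login_after_failures", src))
                last_failed[src] = False
    return alerts


if __name__ == "__main__":
    for rule, src in detect(SAMPLE_LOGS):
        print(f"ALERT {rule} src_ip={src}")
```

The rule names map one-to-one onto the indicators above, so the output can be compared against the SIEM query: the legitimate host 10.10.0.5 raises nothing, while the non-management host trips both query clauses and the login-sequence indicator.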