Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4636

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.

Published

2023-01-10T20:15:10.607

Last Modified

2024-11-21T07:35:38.497

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	blackbox	acr1000a-r-r2_firmware	3.4.31307	Yes
Hardware	blackbox	acr1000a-r-r2	-	No
Operating System	blackbox	acr1000a-t-r2_firmware	3.4.31307	Yes
Hardware	blackbox	acr1000a-t-r2	-	No
Operating System	blackbox	acr1002a-r_firmware	3.4.31307	Yes
Hardware	blackbox	acr1002a-r	-	No
Operating System	blackbox	acr1002a-t_firmware	3.4.31307	Yes
Hardware	blackbox	acr1002a-t	-	No
Operating System	blackbox	acr1020a-t_firmware	3.4.31307	Yes
Hardware	blackbox	acr1020a-t	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-010-01 Patch, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-23-010-01 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)