CVE-2022-4636
 
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
*Credits:
Ferhat Çil
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-21 CVE Reserved
- 2023-01-10 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-23-010-01 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Blackbox | Acr1000a-r-r2 Firmware | 3.4.31307 | - | Affected | in | Blackbox | Acr1000a-r-r2 | - | - | Safe |
Blackbox | Acr1000a-t-r2 Firmware | 3.4.31307 | - | Affected | in | Blackbox | Acr1000a-t-r2 | - | - | Safe |
Blackbox | Acr1002a-r Firmware | 3.4.31307 | - | Affected | in | Blackbox | Acr1002a-r | - | - | Safe |
Blackbox | Acr1002a-t Firmware | 3.4.31307 | - | Affected | in | Blackbox | Acr1002a-t | - | - | Safe |
Blackbox | Acr1020a-t Firmware | 3.4.31307 | - | Affected | in | Blackbox | Acr1020a-t | - | - | Safe |