First published: Tue Jan 10 2023
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Blackbox Acr1000a-r-r2 Firmware | =3.4.31307 | |
Blackbox Acr1000a-r-r2 | | |
Blackbox Acr1000a-t-r2 Firmware | =3.4.31307 | |
Blackbox Acr1000a-t-r2 | | |
Blackbox Acr1002a-r Firmware | =3.4.31307 | |
Blackbox Acr1002a-r | | |
Blackbox Acr1002a-t Firmware | =3.4.31307 | |
Blackbox Acr1002a-t | | |
Blackbox Acr1020a-t Firmware | =3.4.31307 | |
Blackbox Acr1020a-t | | |
Black Box KVM ACR1000A-R-R2: Firmware version v3.4.31307 | | |
Black Box KVM ACR1000A-T-R2: Firmware version v3.4.31307 | | |
Black Box KVM ACR1002A-T: Firmware version v3.4.31307 | | |
Black Box KVM ACR1002A-R: Firmware version v3.4.31307 | | |
Black Box KVM ACR1020A-T: Firmware version v3.4.31307 | | |
CVE-2022-4636 refers to a vulnerability in Black Box KVM Firmware version 3.4.31307 on specific models, which allows for path traversal and potential theft of user credentials and sensitive information through local file inclusion.
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is affected.
CVE-2022-4636 has a severity rating of 7.5 (high).
An attacker can exploit CVE-2022-4636 by performing path traversal and conducting local file inclusion attacks to steal user credentials and sensitive information.
To fix CVE-2022-4636, it is recommended to update the affected Black Box KVM Firmware to a secure version that addresses the vulnerability.