7.5
CWE
22
Advisory Published
Updated

CVE-2022-4636: Path Traversal

First published: Tue Jan 10 2023(Updated: )

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.

Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Blackbox Acr1000a-r-r2 Firmware=3.4.31307
Blackbox Acr1000a-r-r2
Blackbox Acr1000a-t-r2 Firmware=3.4.31307
Blackbox Acr1000a-t-r2
Blackbox Acr1002a-r Firmware=3.4.31307
Blackbox Acr1002a-r
Blackbox Acr1002a-t Firmware=3.4.31307
Blackbox Acr1002a-t
Blackbox Acr1020a-t Firmware=3.4.31307
Blackbox Acr1020a-t
Black Box KVM ACR1000A-R-R2: Firmware version v3.4.31307
Black Box KVM ACR1000A-T-R2: Firmware version v3.4.31307
Black Box KVM ACR1002A-T: Firmware version v3.4.31307
Black Box KVM ACR1002A-R: Firmware version v3.4.31307
Black Box KVM ACR1020A-T: Firmware version v3.4.31307
All of
Blackbox Acr1000a-r-r2 Firmware=3.4.31307
Blackbox Acr1000a-r-r2
All of
Blackbox Acr1000a-t-r2 Firmware=3.4.31307
Blackbox Acr1000a-t-r2
All of
Blackbox Acr1002a-r Firmware=3.4.31307
Blackbox Acr1002a-r
All of
Blackbox Acr1002a-t Firmware=3.4.31307
Blackbox Acr1002a-t
All of
Blackbox Acr1020a-t Firmware=3.4.31307
Blackbox Acr1020a-t

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2022-4636?

    CVE-2022-4636 refers to a vulnerability in Black Box KVM Firmware version 3.4.31307 on specific models, which allows for path traversal and potential theft of user credentials and sensitive information through local file inclusion.

  • Which software versions are affected by CVE-2022-4636?

    Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T are affected.

  • How severe is CVE-2022-4636?

    CVE-2022-4636 has a severity rating of 7.5 (high).

  • How can an attacker exploit CVE-2022-4636?

    An attacker can exploit CVE-2022-4636 by performing path traversal and conducting local file inclusion attacks to steal user credentials and sensitive information.

  • Is there a fix available for CVE-2022-4636?

    To fix CVE-2022-4636, it is recommended to update the affected Black Box KVM Firmware to a secure version that addresses the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203