CVE-2022-4636: Path Traversal
First published: Tue Jan 10 2023(Updated: )
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blackbox Acr1000a-r-r2 Firmware | =3.4.31307 | |
| Blackbox Acr1000a-r-r2 | ||
| Blackbox Acr1000a-t-r2 Firmware | =3.4.31307 | |
| Blackbox Acr1000a-t-r2 | ||
| Blackbox Acr1002a-r Firmware | =3.4.31307 | |
| Blackbox Acr1002a-r | ||
| Blackbox Acr1002a-t Firmware | =3.4.31307 | |
| Blackbox Acr1002a-t | ||
| Blackbox Acr1020a-t Firmware | =3.4.31307 | |
| Blackbox Acr1020a-t | ||
| Black Box KVM ACR1000A-R-R2: Firmware version v3.4.31307 | ||
| Black Box KVM ACR1000A-T-R2: Firmware version v3.4.31307 | ||
| Black Box KVM ACR1002A-T: Firmware version v3.4.31307 | ||
| Black Box KVM ACR1002A-R: Firmware version v3.4.31307 | ||
| Black Box KVM ACR1020A-T: Firmware version v3.4.31307 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-4636?
CVE-2022-4636 refers to a vulnerability in Black Box KVM Firmware version 3.4.31307 on specific models, which allows for path traversal and potential theft of user credentials and sensitive information through local file inclusion.
Which software versions are affected by CVE-2022-4636?
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T are affected.
How severe is CVE-2022-4636?
CVE-2022-4636 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2022-4636?
An attacker can exploit CVE-2022-4636 by performing path traversal and conducting local file inclusion attacks to steal user credentials and sensitive information.
Is there a fix available for CVE-2022-4636?
To fix CVE-2022-4636, it is recommended to update the affected Black Box KVM Firmware to a secure version that addresses the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/severity
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/blackbox
- canonical/blackbox acr1000a-r-r2 firmware
- version/blackbox acr1000a-r-r2 firmware/3.4.31307
- canonical/blackbox acr1000a-r-r2
- canonical/blackbox acr1000a-t-r2 firmware
- version/blackbox acr1000a-t-r2 firmware/3.4.31307
- canonical/blackbox acr1000a-t-r2
- canonical/blackbox acr1002a-r firmware
- version/blackbox acr1002a-r firmware/3.4.31307
- canonical/blackbox acr1002a-r
- canonical/blackbox acr1002a-t firmware
- version/blackbox acr1002a-t firmware/3.4.31307
- canonical/blackbox acr1002a-t
- canonical/blackbox acr1020a-t firmware
- version/blackbox acr1020a-t firmware/3.4.31307
- canonical/blackbox acr1020a-t
- vendor/black box
- canonical/black box kvm acr1000a-r-r2: firmware version v3.4.31307
- canonical/black box kvm acr1000a-t-r2: firmware version v3.4.31307
- canonical/black box kvm acr1002a-t: firmware version v3.4.31307
- canonical/black box kvm acr1002a-r: firmware version v3.4.31307
- canonical/black box kvm acr1020a-t: firmware version v3.4.31307