CVE-2022-4636

Published Jan 10, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

ics-cert@hq.dhs.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackbox:acr1000a-r-r2_firmware:3.4.31307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64D27D88-2CDC-4EAC-9A39-49F98C560797"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:blackbox:acr1000a-r-r2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FBCC884-104B-47F4-B08A-72AA0A25E898"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackbox:acr1000a-t-r2_firmware:3.4.31307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8435BA5-8175-4651-8949-37F5DA16F534"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:blackbox:acr1000a-t-r2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "94A9F274-7071-42E0-ABC7-FA2F9595B043"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackbox:acr1002a-r_firmware:3.4.31307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A20579B5-23B4-4AA6-8E7C-9A3402994BA0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:blackbox:acr1002a-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60C8325E-05DF-497C-8396-5838530C6807"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackbox:acr1002a-t_firmware:3.4.31307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C283C2-B1DB-4EED-B9D5-9FA3E57F14D2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:blackbox:acr1002a-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B7F68C48-1D3E-4071-8C42-E4816D43A1A6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:blackbox:acr1020a-t_firmware:3.4.31307:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05618BE3-FBAB-422A-86BF-78F1FB71032F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:blackbox:acr1020a-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "955FBC9D-2B5B-4333-9B34-41D19036BD64"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References