Vulnerability Details CVE-2022-4636
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-4636
- cpe:2.3:h:blackbox:acr1000a-r-r2:-
- cpe:2.3:h:blackbox:acr1000a-t-r2:-
- cpe:2.3:h:blackbox:acr1002a-r:-
- cpe:2.3:h:blackbox:acr1002a-t:-
- cpe:2.3:h:blackbox:acr1020a-t:-
- cpe:2.3:o:blackbox:acr1000a-r-r2_firmware:3.4.31307
- cpe:2.3:o:blackbox:acr1000a-t-r2_firmware:3.4.31307
- cpe:2.3:o:blackbox:acr1002a-r_firmware:3.4.31307
- cpe:2.3:o:blackbox:acr1002a-t_firmware:3.4.31307
- cpe:2.3:o:blackbox:acr1020a-t_firmware:3.4.31307