Description
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Affected products
- Black Box / KVM ACR1000A-R-R2: 3.4.31307 – 3.4.31307
- Black Box / KVM ACR1000A-T-R2: 3.4.31307 – 3.4.31307
- Black Box / KVM ACR1002A-R: 3.4.31307 – 3.4.31307
- Black Box / KVM ACR1002A-T: 3.4.31307 – 3.4.31307
- Black Box / KVM ACR1020A-T: 3.4.31307 – 3.4.31307
References
- VENDOR_ADVISORY: https://www.cisa.gov/uscert/ics/advisories/icsa-23-010-01