Lucene search

MitreCVE-2022-26233

HistoryApr 03, 2022 - 11:15 p.m.

CVE-2022-26233

2022-04-0323:15:08

CWE-22

mitre

web.nvd.nist.gov

cve-2022-26233

barco

control room management

directory traversal

vulnerability

information security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the “GET /…..” substring.

Affected configurations

Nvd

Node

barcocontrol_room_management_suiteRange≤2.9

VendorProductVersionCPE
barcocontrol_room_management_suite*cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barco	control_room_management_suite	*	cpe:2.3:a:barco:control_room_management_suite::::::::

References

packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html

seclists.org/fulldisclosure/2022/Apr/0

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Related for CVE-2022-26233