PT-2022-17729 · Barco · Barco Control Room Management

Murat Aydemir · Published 2022-04-01 · Updated 2022-04-11 · CVE-2022-26233

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Barco Control Room Management through Suite 2.9 Build 0275

Description

The issue is a directory traversal that allows attackers to access sensitive information and components. Requests must begin with the "GET /...." substring, which enables access to restricted areas.

Recommendations

For Barco Control Room Management through Suite 2.9 Build 0275, as a temporary workaround, consider restricting access to sensitive information and components until a patch is available. Avoid using requests that begin with the "GET /...." substring in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-26233

Affected Products

Barco Control Room Management