Skip to main content

Es3 Kvm CVE-2026-32297

| EUVDEUVD-2026-12612 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-03-17 cisa-cg
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 17:07 vuln.today
cvss_changed
Severity Changed
Apr 27, 2026 - 17:07 NVD
HIGH CRITICAL
CVSS changed
Apr 27, 2026 - 17:07 NVD
7.5 (HIGH) 9.3 (CRITICAL)
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12612
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 17:20 nvd
HIGH 7.5

DescriptionCVE.org

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.

AnalysisAI

The Angeet ES3 KVM device contains an arbitrary file write vulnerability allowing remote, unauthenticated attackers to modify system files including configuration files and binaries, potentially leading to complete system compromise. All versions of the ES3 KVM appear to be affected based on EUVD version data (ES3 KVM 0 <*). This vulnerability has been reported by CISA and documented in their CSAF advisory VA-26-076-01, though no active exploitation (KEV) status has been indicated at this time.

Technical ContextAI

KVM (Keyboard, Video, Mouse) devices are hardware switches that allow IT administrators to control multiple servers from a single console, often with network connectivity for remote management. The vulnerability is rooted in CWE-306 (Missing Authentication for Critical Function), meaning the affected Angeet ES3 KVM fails to properly authenticate users before allowing file write operations. The CPE identifier cpe:2.3:a:angeet:es3_kvm confirms this affects the Angeet ES3 KVM product across all documented versions. KVM devices are particularly sensitive as they provide direct access to server consoles and are often connected to management networks, making them high-value targets. The lack of authentication on file write operations represents a fundamental security design flaw allowing attackers to replace legitimate system binaries or configuration files with malicious versions.

RemediationAI

Organizations should immediately consult CISA's CSAF advisory at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json for vendor-specific patch information and mitigation guidance. Until patches are available and applied, isolate affected Angeet ES3 KVM devices from untrusted networks by placing them on dedicated management VLANs accessible only from authorized administrator workstations through VPN or jump hosts. Implement network access controls using firewall rules or ACLs to restrict connectivity to specific trusted IP addresses. Monitor these devices for unauthorized file modifications using file integrity monitoring tools and review access logs for suspicious activity. Consider replacing affected devices with alternative KVM solutions if vendor patches are not forthcoming, given the severity of unauthenticated remote access to critical infrastructure management hardware.

Share

CVE-2026-32297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy