Lucene search

K
cve[email protected]CVE-2017-9377
HistoryOct 30, 2017 - 2:29 p.m.

CVE-2017-9377

2017-10-3014:29:00
CWE-78
web.nvd.nist.gov
22
cve-2017-9377
barco
clickshare
base unit
csm-1
csc-1
firmware
command injection
vulnerability
web api

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.0%

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product’s web API can exploit this vulnerability to completely compromise the vulnerable device.

Affected configurations

NVD
Node
barcoclickshare_csm-1_firmwareRange<1.7.0.3
AND
barcoclickshare_csm-1Match-
Node
barcoclickshare_csc-1_firmwareRange<1.10.0.10
AND
barcoclickshare_csc-1Match-

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.0%

Related for CVE-2017-9377