Lucene search

MitreCVE-2019-18828

HistoryDec 16, 2019 - 5:15 p.m.

CVE-2019-18828

2019-12-1617:15:12

CWE-521

mitre

web.nvd.nist.gov

barco

clickshare

button

r9861500d01

insufficiently protected credentials

cve-2019-18828

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.

Affected configurations

Nvd

Node

barcoclickshare_cs-100_firmwareRange<1.9.0

AND

barcoclickshare_cs-100Match-

Node

barcoclickshare_cse-200_firmwareRange<1.9.0

AND

barcoclickshare_cse-200Match-

Node

barcoclickshare_cse-200\+_firmwareRange<1.9.0

AND

barcoclickshare_cse-200\+Match-

Node

barcoclickshare_cse-800_firmwareRange<1.9.0

AND

barcoclickshare_cse-800Match-

VendorProductVersionCPE
barcoclickshare_cs-100_firmware*cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*
barcoclickshare_cs-100-cpe:2.3:h:barco:clickshare_cs-100:-:*:*:*:*:*:*:*
barcoclickshare_cse-200_firmware*cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*
barcoclickshare_cse-200-cpe:2.3:h:barco:clickshare_cse-200:-:*:*:*:*:*:*:*
barcoclickshare_cse-200\+_firmware*cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:*
barcoclickshare_cse-200\+-cpe:2.3:h:barco:clickshare_cse-200\+:-:*:*:*:*:*:*:*
barcoclickshare_cse-800_firmware*cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*
barcoclickshare_cse-800-cpe:2.3:h:barco:clickshare_cse-800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
barco	clickshare_cs-100_firmware	*	cpe:2.3:o:barco:clickshare_cs-100_firmware::::::::
barco	clickshare_cs-100	-	cpe:2.3:h:barco:clickshare_cs-100:-:::::::*
barco	clickshare_cse-200_firmware	*	cpe:2.3:o:barco:clickshare_cse-200_firmware::::::::
barco	clickshare_cse-200	-	cpe:2.3:h:barco:clickshare_cse-200:-:::::::*
barco	clickshare_cse-200\+_firmware	*	cpe:2.3:o:barco:clickshare_cse-200\+_firmware::::::::
barco	clickshare_cse-200\+	-	cpe:2.3:h:barco:clickshare_cse-200\+:-:::::::*
barco	clickshare_cse-800_firmware	*	cpe:2.3:o:barco:clickshare_cse-800_firmware::::::::
barco	clickshare_cse-800	-	cpe:2.3:h:barco:clickshare_cse-800:-:::::::*

References

labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

www.barco.com/en/clickshare/firmware-update

www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2019-18828