Information disclosure

2019-12-1714:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2)… The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.

CPENameOperatorVersion
clickshare_button_r9861500d01_firmwarelt1.9.0

CPE	Name	Operator	Version
	clickshare_button_r9861500d01_firmware	lt	1.9.0

References

labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

www.barco.com/en/clickshare/firmware-update