| Title | Published | Views | Reporter |
|---|---|---|---|
| The vulnerability of the microprogrammed software in wireless presentation systems like ClickShare CSM-1 and ClickShare CSC-1, related to incorrect data processing, allows an intruder to execute arbitrary code. | 7 Dec 2017 00:00 | – | bdu_fstec |
| Barco ClickShare Directory Traversal Vulnerability | 17 Nov 2016 00:00 | – | cnvd |
| Barco ClickShare Cross-Site Scripting Vulnerability | 17 Nov 2016 00:00 | – | cnvd |
| Barco ClickShare Arbitrary File Disclosure Vulnerability | 17 Nov 2016 00:00 | – | cnvd |
| Barco ClickShare Remote Code Execution Vulnerability | 17 Nov 2016 00:00 | – | cnvd |
| CVE-2016-3149 | 12 Jan 2017 23:00 | – | cve |
| CVE-2016-3150 | 12 Jan 2017 23:00 | – | cve |
| CVE-2016-3151 | 12 Jan 2017 23:00 | – | cve |
| CVE-2016-3152 | 12 Jan 2017 23:00 | – | cve |
| CVE-2016-3149 | 12 Jan 2017 23:00 | – | cvelist |

CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software that could lead to full compromise of the appliance.
CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200
Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200).
A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation.
CVE-2016-3151 - Path Traversal in Barco ClickShare CSC-1, CSM-1 and CSE-200
Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200).
A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system.
CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update
Affected versions: all versions prior to v01.09.03 (CSC-1).
It is possible to download and extract the firmware image of the CSC-1 and obtain the root password.
The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance.
References:
http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009
http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113
https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008
--
Regards,
Vincent Ruijter
Ethical Hacker
Chief Information Security Office
KPN B.V.
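
The following is an added example, not part of the original advisory or any Barco tooling: a small triage script that maps a base unit's model and firmware version to the CVEs listed above, using only the fixed versions the advisory states. The inventory entries, the status labels and the handling of version strings with more than three components are assumptions made for the example.

```python
import re

# Fixed firmware versions per model, taken from the advisory text.
FIXED = {"CSC-1": (1, 9, 3), "CSM-1": (1, 6, 2), "CSE-200": (1, 3, 2)}
# Models each CVE applies to, per the "Affected versions" lines.
CVE_MODELS = {
    "CVE-2016-3149": {"CSC-1", "CSM-1"},
    "CVE-2016-3150": {"CSC-1", "CSM-1", "CSE-200"},
    "CVE-2016-3151": {"CSC-1", "CSM-1", "CSE-200"},
    "CVE-2016-3152": {"CSC-1"},
}
# Assumption: versions are dotted numbers with an optional leading "v".
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)+)$", re.IGNORECASE)

def parse_version(text):
    """Turn 'v01.09.03' into (1, 9, 3); return None if unparseable."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(model, firmware):
    """Return (status, cves) for one base unit."""
    model = model.strip().upper()
    if model not in FIXED:
        return ("unknown-model", [])        # not covered by this advisory
    version = parse_version(firmware)
    if version is None:
        return ("unparseable-version", [])  # flag for manual review
    if version >= FIXED[model]:
        return ("patched", [])
    cves = sorted(c for c, models in CVE_MODELS.items() if model in models)
    return ("vulnerable", cves)

# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = [
    ("room-101", "CSC-1", "v01.08.00"),
    ("room-102", "CSM-1", "v01.06.02"),
    ("room-103", "CSE-200", "01.03.01"),
    ("room-104", "CSE-200", "unknown"),
]

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, (status, cves) in report(INVENTORY).items():
        print(f"{host:10} {status:20} {', '.join(cves)}")
```
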
# 0day.today [2018-01-10] #