Follow @discotekdotca
CVE-2019-18830
Current Description
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.
Basic Data
| Published | December 16, 2019 |
|---|---|
| Last Modified | December 23, 2019 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-78 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 10.0 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 10.0 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
AND
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Barco Clickshare Cs-100 Firmware * * * * * * * * � � � 1.9.0 -
OR Running on/with:
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Hardware Barco Clickshare Cs-100 - * * * * * * * � � � �
-
OR - Configuration 1
-
AND
-
OR - Configuration 2
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Barco Clickshare Cse-200 Firmware * * * * * * * * � � � 1.9.0 -
OR Running on/with:
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Hardware Barco Clickshare Cse-200 - * * * * * * * � � � �
-
OR - Configuration 2
-
AND
-
OR - Configuration 3
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Barco Clickshare Cse-200 Firmware * * * * * * * * � � � 1.9.0 -
OR Running on/with:
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Hardware Barco Clickshare Cse-200 - * * * * * * * � � � �
-
OR - Configuration 3
-
AND
-
OR - Configuration 4
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Barco Clickshare Cse-800 Firmware * * * * * * * * � � � 1.9.0 -
OR Running on/with:
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Hardware Barco Clickshare Cse-800 - * * * * * * * � � � �
-
OR - Configuration 4
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Barco | Clickshare Cse-200 Firmware | * |
| Barco | Clickshare Cs-100 Firmware | * |
| Barco | Clickshare Cse-200 Firmware | * |
| Barco | Clickshare Cse-800 Firmware | * |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ | https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ | MISC | Third Party Advisory |
| https://www.barco.com/en/clickshare/firmware-update | https://www.barco.com/en/clickshare/firmware-update | MISC | Product |
| https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 | https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01& | MISC | Product Vendor Advisory |
| https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 | https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01& | MISC | Product Vendor Advisory |
| https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 | https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01& | MISC | Product Vendor Advisory |
| https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 | https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01& | MISC | Product Vendor Advisory |