CVE-2019-18902

Current Description

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, is affected by OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.

Basic Data

Published: December 16, 2019
Last Modified: December 23, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-78
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version: 2.3; Part: OS; Vendor: Barco; Product: Clickshare Cs-100 Firmware; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *; Version End Excluding: 1.9.0
    • OR Running on/with:
      Cpe Version: 2.3; Part: Hardware; Vendor: Barco; Product: Clickshare Cs-100; Version: -; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *
  • AND
    • OR - Configuration 2
      Cpe Version: 2.3; Part: OS; Vendor: Barco; Product: Clickshare Cse-200 Firmware; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *; Version End Excluding: 1.9.0
    • OR Running on/with:
      Cpe Version: 2.3; Part: Hardware; Vendor: Barco; Product: Clickshare Cse-200; Version: -; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *
  • AND
    • OR - Configuration 3
      Cpe Version: 2.3; Part: OS; Vendor: Barco; Product: Clickshare Cse-200 Firmware; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *; Version End Excluding: 1.9.0
    • OR Running on/with:
      Cpe Version: 2.3; Part: Hardware; Vendor: Barco; Product: Clickshare Cse-200; Version: -; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *
  • AND
    • OR - Configuration 4
      Cpe Version: 2.3; Part: OS; Vendor: Barco; Product: Clickshare Cse-800 Firmware; Version: *; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *; Version End Excluding: 1.9.0
    • OR Running on/with:
      Cpe Version: 2.3; Part: Hardware; Vendor: Barco; Product: Clickshare Cse-800; Version: -; Update: *; Edition: *; Language: *; SW Edition: *; Target SW: *; Target HW: *; Other: *

Vulnerable Software List

Vendor: Barco; Product: Clickshare Cse-200 Firmware; Versions: *
Vendor: Barco; Product: Clickshare Cse-200 Firmware; Versions: *
Vendor: Barco; Product: Clickshare Cse-800 Firmware; Versions: *
Vendor: Barco; Product: Clickshare Cs-100 Firmware; Versions: *

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (Source: MISC; Tags: Third Party Advisory)
https://www.barco.com/en/clickshare/firmware-update (Source: MISC; Tags: Product)
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 (Source: MISC; Tags: Product Vendor Advisory)
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 (Source: MISC; Tags: Product Vendor Advisory)
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 (Source: MISC; Tags: Product Vendor Advisory)
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 (Source: MISC; Tags: Product Vendor Advisory)