Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18828

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.

Published

2019-12-16T17:15:12.017

Last Modified

2024-11-21T04:33:39.600

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-521

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	barco	clickshare_cs-100_firmware	< 1.9.0	Yes
Hardware	barco	clickshare_cs-100	-	No
Operating System	barco	clickshare_cse-200_firmware	< 1.9.0	Yes
Hardware	barco	clickshare_cse-200	-	No
Operating System	barco	clickshare_cse-200\+_firmware	< 1.9.0	Yes
Hardware	barco	clickshare_cse-200\+	-	No
Operating System	barco	clickshare_cse-800_firmware	< 1.9.0	Yes
Hardware	barco	clickshare_cse-800	-	No

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ Third Party Advisory ([email protected])
https://www.barco.com/en/clickshare/firmware-update Product ([email protected])
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory ([email protected])
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory ([email protected])
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory ([email protected])
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory ([email protected])
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.barco.com/en/clickshare/firmware-update Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)