VAR-201912-0679
Vulnerability from variot - Updated: 2024-11-23 19:30Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Barco ClickShare Button The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability originated from the program's insufficient protection of credentials, and an attacker could use this vulnerability to gain root user identity
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0679",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clickshare cse-200\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cs-100",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-800",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200",
"scope": "lt",
"trust": 1.0,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cs-100",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-200+",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare cse-800",
"scope": "eq",
"trust": 0.8,
"vendor": "barco",
"version": "1.9.0"
},
{
"model": "clickshare button r9861500d01",
"scope": "lt",
"trust": 0.6,
"vendor": "barco",
"version": "1.9.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:barco:clickshare_cs-100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-200%2b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:barco:clickshare_cse-800_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
}
]
},
"cve": "CVE-2019-18828",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18828",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2019-18828",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18828",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18828",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18828",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-46444",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-727",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Barco ClickShare Button The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability originated from the program\u0027s insufficient protection of credentials, and an attacker could use this vulnerability to gain root user identity",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18828"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNVD",
"id": "CNVD-2019-46444"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18828",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU93632155",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-46444",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"id": "VAR-201912-0679",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
}
],
"trust": 1.3368421000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
}
]
},
"last_update_date": "2024-11-23T19:30:54.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ClickShare",
"trust": 0.8,
"url": "https://www.barco.com/en/clickshare/firmware-update"
},
{
"title": "ClickShare CS-100 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050069?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-200 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050070?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-800 base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050095?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "ClickShare CSE-200+ base unit firmware v1.9.1.7",
"trust": 0.8,
"url": "https://www.barco.com/en/support/software/R33050125?majorVersion=01\u0026minorVersion=09\u0026patchVersion=01\u0026buildVersion=007"
},
{
"title": "Patch for Barco ClickShare Button R9861500D01 Insufficient Credential Protection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/194987"
},
{
"title": "Barco ClickShare Button R9861500D01 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"
},
{
"trust": 2.2,
"url": "https://www.barco.com/en/support/software/r33050069?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18828"
},
{
"trust": 1.6,
"url": "https://www.barco.com/en/clickshare/firmware-update"
},
{
"trust": 1.6,
"url": "https://www.barco.com/en/support/software/r33050070?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 1.6,
"url": "https://www.barco.com/en/support/software/r33050125?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 1.6,
"url": "https://www.barco.com/en/support/software/r33050095?majorversion=01\u0026minorversion=09\u0026patchversion=01\u0026buildversion=007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18828"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93632155/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"date": "2019-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"date": "2019-12-16T17:15:12.017000",
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46444"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013418"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-727"
},
{
"date": "2024-11-21T04:33:39.600000",
"db": "NVD",
"id": "CVE-2019-18828"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Barco ClickShare Button Vulnerability related to information leak from cache in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013418"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-727"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…