Sign-up

ID

VAR-201701-0403


CVE

CVE-2016-3151


TITLE

plural Barco ClickShare Directory traversal vulnerability in wallpaper parsing function of device product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2016-006881

DESCRIPTION

Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. Versions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 etc. are wireless presentation systems of Belgium Barco (Barco). A remote attacker can exploit this vulnerability to read the /etc/shadow file. CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update Affected versions: all versions prior to v01.09.03 (CSC-1) It is possible to download and extract the firmware image of the CSC-1 and obtain the root password. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V

Trust: 2.07

sources: NVD: CVE-2016-3151 // JVNDB: JVNDB-2016-006881 // BID: 94330 // VULHUB: VHN-91970 // PACKETSTORM: 139713

AFFECTED PRODUCTS

vendor:barcomodel:clickshare csc-1scope:lteversion:01.09.02.03

Trust: 1.0

vendor:barcomodel:clickshare cse-200scope:lteversion:01.03.01.05

Trust: 1.0

vendor:barcomodel:clickshare csm-1scope:lteversion:01.06.01.04

Trust: 1.0

vendor:barcomodel:clickshare csc-1scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare csc-1scope:ltversion:01.09.03

Trust: 0.8

vendor:barcomodel:clickshare cse-200scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare cse-200scope:ltversion:01.03.02

Trust: 0.8

vendor:barcomodel:clickshare csm-1scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare csm-1scope:ltversion:01.06.02

Trust: 0.8

vendor:barcomodel:clickshare csm-1scope:eqversion:01.06.01.04

Trust: 0.6

vendor:barcomodel:clickshare csc-1scope:eqversion:01.09.02.03

Trust: 0.6

vendor:barcomodel:clickshare cse-200scope:eqversion:01.03.01.05

Trust: 0.6

vendor:barcomodel:clicksharescope:eqversion:1.9.2

Trust: 0.3

vendor:barcomodel:clicksharescope:eqversion:1.6.1

Trust: 0.3

vendor:barcomodel:clicksharescope:eqversion:1.3.1

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.9.3

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.6.2

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.3.2

Trust: 0.3

sources: BID: 94330 // JVNDB: JVNDB-2016-006881 // CNNVD: CNNVD-201611-539 // NVD: CVE-2016-3151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3151
value: HIGH

Trust: 1.0

NVD: CVE-2016-3151
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201611-539
value: MEDIUM

Trust: 0.6

VULHUB: VHN-91970
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3151
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91970
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3151
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-91970 // JVNDB: JVNDB-2016-006881 // CNNVD: CNNVD-201611-539 // NVD: CVE-2016-3151

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-91970 // JVNDB: JVNDB-2016-006881 // NVD: CVE-2016-3151

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 139713 // CNNVD: CNNVD-201611-539

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201611-539

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006881

PATCH
title:Update your ClickShare firmwareurl:https://www.barco.com/en/page/update-your-clickshare-firmware
Trust: 0.8
title:Barco ClickShare Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65874
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-006881 // 
            
            
            
            CNNVD: CNNVD-201611-539

EXTERNAL IDS
db:NVDid:CVE-2016-3151
Trust: 2.9
db:PACKETSTORMid:139713
Trust: 2.6
db:BIDid:94330
Trust: 2.0
db:JVNDBid:JVNDB-2016-006881
Trust: 0.8
db:CNNVDid:CNNVD-201611-539
Trust: 0.7
db:VULHUBid:VHN-91970
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91970 // 
            
            
            
            BID: 94330 // 
            
            
            
            JVNDB: JVNDB-2016-006881 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-539 // 
            
            
            
            NVD: CVE-2016-3151

REFERENCES
url:http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html
Trust: 2.5
url:http://www.securityfocus.com/bid/94330
Trust: 1.7
url:http://www.securityfocus.com/archive/1/539754/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3151
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3151
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded
Trust: 0.6
url:https://www.barco.com/en/clickshare
Trust: 0.3
url:http://seclists.org/bugtraq/2016/nov/49
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-3149
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3151
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3152
Trust: 0.1
url:http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037&rev=001001000113
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3150
Trust: 0.1
url:http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020&rev=001002000009
Trust: 0.1
url:https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070&rev=001001000008
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91970 // 
            
            
            
            BID: 94330 // 
            
            
            
            JVNDB: JVNDB-2016-006881 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-539 // 
            
            
            
            NVD: CVE-2016-3151

CREDITS
Vincent Ruijter
Trust: 1.0
sources:
            
            
            BID: 94330 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-539

SOURCES
db:VULHUBid:VHN-91970
db:BIDid:94330
db:JVNDBid:JVNDB-2016-006881
db:PACKETSTORMid:139713
db:CNNVDid:CNNVD-201611-539
db:NVDid:CVE-2016-3151

LAST UPDATE DATE
2025-04-20T23:13:23.847000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91970date:2018-10-09T00:00:00
db:BIDid:94330date:2016-11-24T01:10:00
db:JVNDBid:JVNDB-2016-006881date:2017-01-27T00:00:00
db:CNNVDid:CNNVD-201611-539date:2017-01-13T00:00:00
db:NVDid:CVE-2016-3151date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-91970date:2017-01-12T00:00:00
db:BIDid:94330date:2016-11-14T00:00:00
db:JVNDBid:JVNDB-2016-006881date:2017-01-27T00:00:00
db:PACKETSTORMid:139713date:2016-11-14T17:07:07
db:CNNVDid:CNNVD-201611-539date:2016-11-25T00:00:00
db:NVDid:CVE-2016-3151date:2017-01-12T23:59:00.353