Details of VAR-201701-0404

ID

VAR-201701-0404

CVE

CVE-2016-3152

TITLE

Barco ClickShare CSC-1 In the device firmware root Password acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-006882

DESCRIPTION

Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare is prone to a vulnerability that lets attacker access arbitrary files because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to view arbitrary files within the context of the affected application. Versions prior to Barco ClickShare 01.09.03 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance. CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200 Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200) A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V

Trust: 2.07

sources: NVD: CVE-2016-3152 // JVNDB: JVNDB-2016-006882 // BID: 94326 // VULHUB: VHN-91971 // PACKETSTORM: 139713

AFFECTED PRODUCTS

vendor:	barco	model:	clickshare csc-1	scope:	lte	version:	01.09.02.03	Trust: 1.0
vendor:	barco	model:	clickshare csc-1	scope:	-	version:	-	Trust: 0.8
vendor:	barco	model:	clickshare csc-1	scope:	lt	version:	01.09.03	Trust: 0.8
vendor:	barco	model:	clickshare csc-1	scope:	eq	version:	01.09.02.03	Trust: 0.6
vendor:	barco	model:	clickshare	scope:	eq	version:	1.9.2	Trust: 0.3
vendor:	barco	model:	clickshare	scope:	ne	version:	1.9.3	Trust: 0.3

sources: BID: 94326 // JVNDB: JVNDB-2016-006882 // CNNVD: CNNVD-201611-542 // NVD: CVE-2016-3152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3152
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-3152
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201611-542
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91971
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-3152
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-91971
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-3152
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-91971 // JVNDB: JVNDB-2016-006882 // CNNVD: CNNVD-201611-542 // NVD: CVE-2016-3152

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-91971 // JVNDB: JVNDB-2016-006882 // NVD: CVE-2016-3152

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 139713 // CNNVD: CNNVD-201611-542

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201611-542

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006882

PATCH

title:	Update your ClickShare firmware	url:	https://www.barco.com/en/page/update-your-clickshare-firmware	Trust: 0.8
title:	Barco ClickShare Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65877	Trust: 0.6

sources: JVNDB: JVNDB-2016-006882 // CNNVD: CNNVD-201611-542

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3152	Trust: 2.9
db:	PACKETSTORM	id:	139713	Trust: 2.6
db:	BID	id:	94326	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-006882	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-542	Trust: 0.7
db:	VULHUB	id:	VHN-91971	Trust: 0.1

sources: VULHUB: VHN-91971 // BID: 94326 // JVNDB: JVNDB-2016-006882 // PACKETSTORM: 139713 // CNNVD: CNNVD-201611-542 // NVD: CVE-2016-3152

REFERENCES

url:	http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/94326	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/539754/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3152	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3152	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded	Trust: 0.6
url:	https://www.barco.com/en/clickshare	Trust: 0.3
url:	http://seclists.org/bugtraq/2016/nov/49	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3151	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3152	Trust: 0.1
url:	http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037&rev=001001000113	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3150	Trust: 0.1
url:	http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020&rev=001002000009	Trust: 0.1
url:	https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070&rev=001001000008	Trust: 0.1

sources: VULHUB: VHN-91971 // BID: 94326 // JVNDB: JVNDB-2016-006882 // PACKETSTORM: 139713 // CNNVD: CNNVD-201611-542 // NVD: CVE-2016-3152

CREDITS

Vincent Ruijter

Trust: 1.0

sources: BID: 94326 // PACKETSTORM: 139713 // CNNVD: CNNVD-201611-542

SOURCES

db:	VULHUB	id:	VHN-91971
db:	BID	id:	94326
db:	JVNDB	id:	JVNDB-2016-006882
db:	PACKETSTORM	id:	139713
db:	CNNVD	id:	CNNVD-201611-542
db:	NVD	id:	CVE-2016-3152

LAST UPDATE DATE

2025-04-20T23:13:23.882000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91971	date:	2018-10-09T00:00:00
db:	BID	id:	94326	date:	2016-11-24T00:10:00
db:	JVNDB	id:	JVNDB-2016-006882	date:	2017-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201611-542	date:	2017-01-13T00:00:00
db:	NVD	id:	CVE-2016-3152	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91971	date:	2017-01-12T00:00:00
db:	BID	id:	94326	date:	2016-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-006882	date:	2017-01-27T00:00:00
db:	PACKETSTORM	id:	139713	date:	2016-11-14T17:07:07
db:	CNNVD	id:	CNNVD-201611-542	date:	2016-11-25T00:00:00
db:	NVD	id:	CVE-2016-3152	date:	2017-01-12T23:59:00.387