ID
VAR-201710-1335
CVE
CVE-2017-9377
TITLE
Barco ClickShare CSM-1 Base Unit and ClickShare CSC-1 Base Unit Command Injection Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2017-33051 //
CNNVD: CNNVD-201706-171
DESCRIPTION
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. BarcoClickShareCSM-1BaseUnit and ClickShareCSC-1BaseUnit are both wireless presentation system host devices from Barco, Belgium. Multiple Barco ClickShare Base Units are prone to multiple command-injection vulnerabilities because it fails to properly sanitize user-supplied input. This may aid in further attacks
Trust: 2.52
sources:
NVD: CVE-2017-9377 //
JVNDB: JVNDB-2017-009832 //
CNVD: CNVD-2017-33051 //
BID: 101617 //
VULMON: CVE-2017-9377
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-33051
AFFECTED PRODUCTS
| vendor: | barco | model: | clickshare csc-1 | scope: | lt | version: | 1.10.0.10 | Trust: 1.8 |
| vendor: | barco | model: | clickshare csm-1 | scope: | lt | version: | 1.7.0.3 | Trust: 1.8 |
| vendor: | barco | model: | clickshare csm-1 base unit | scope: | lt | version: | 1.7.0.3 | Trust: 0.6 |
| vendor: | barco | model: | clickshare csc-1 base unit | scope: | lt | version: | 1.10.0.10 | Trust: 0.6 |
| vendor: | barco | model: | clickshare csm-1 | scope: | eq | version: | 1.6.4.1 | Trust: 0.3 |
| vendor: | barco | model: | clickshare csm-1 | scope: | eq | version: | 1.6.3.5 | Trust: 0.3 |
| vendor: | barco | model: | clickshare csc-1 | scope: | eq | version: | 1.9.5.2 | Trust: 0.3 |
| vendor: | barco | model: | clickshare csc-1 | scope: | eq | version: | 1.9.4.3 | Trust: 0.3 |
| vendor: | barco | model: | clickshare csm-1 | scope: | ne | version: | 1.7.0.3 | Trust: 0.3 |
| vendor: | barco | model: | clickshare csc-1 | scope: | ne | version: | 1.10.0.10 | Trust: 0.3 |
sources:
CNVD: CNVD-2017-33051 //
BID: 101617 //
JVNDB: JVNDB-2017-009832 //
NVD: CVE-2017-9377
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-33051 //
VULMON: CVE-2017-9377 //
JVNDB: JVNDB-2017-009832 //
CNNVD: CNNVD-201706-171 //
NVD: CVE-2017-9377
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
| problemtype: | CWE-77 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2017-009832 //
NVD: CVE-2017-9377
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201706-171
TYPE
operating system commend injection
Trust: 0.6
sources:
CNNVD: CNNVD-201706-171
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-009832
PATCH
| title: | ClickShare CSC-1 Base Unit Firmware v1.10.0.10 | url: | https://www.barco.com/en/support/software/R33050020 | Trust: 0.8 |
| title: | ClickShare CSM-1 Base Unit Firmware v1.7.0.3 | url: | https://www.barco.com/en/Support/software/R33050037 | Trust: 0.8 |
| title: | Patch for BarcoClickShareCSM-1BaseUnit and ClickShareCSC-1BaseUnit command injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/105610 | Trust: 0.6 |
| title: | Barco ClickShare CSM-1 Base Unit and ClickShare CSC-1 Base Unit Fixes for command injection vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99842 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-33051 //
JVNDB: JVNDB-2017-009832 //
CNNVD: CNNVD-201706-171
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-9377 | Trust: 3.4 |
| db: | BID | id: | 101617 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2017-009832 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2017-33051 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201706-171 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2017-9377 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-33051 //
VULMON: CVE-2017-9377 //
BID: 101617 //
JVNDB: JVNDB-2017-009832 //
CNNVD: CNNVD-201706-171 //
NVD: CVE-2017-9377
REFERENCES
| url: | https://www.barco.com/en/support/software/r33050020 | Trust: 2.6 |
| url: | https://www.barco.com/en/support/software/r33050037 | Trust: 2.0 |
| url: | https://www.contextis.com/resources/advisories/cve-2017-9377 | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/101617 | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9377 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9377 | Trust: 0.8 |
| url: | https://www.barco.com/en/clickshare | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/78.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2017-33051 //
VULMON: CVE-2017-9377 //
BID: 101617 //
JVNDB: JVNDB-2017-009832 //
CNNVD: CNNVD-201706-171 //
NVD: CVE-2017-9377
CREDITS
Claudio Moletta
Trust: 0.3
sources:
BID: 101617
SOURCES
| db: | CNVD | id: | CNVD-2017-33051 |
| db: | VULMON | id: | CVE-2017-9377 |
| db: | BID | id: | 101617 |
| db: | JVNDB | id: | JVNDB-2017-009832 |
| db: | CNNVD | id: | CNNVD-201706-171 |
| db: | NVD | id: | CVE-2017-9377 |
LAST UPDATE DATE
2025-04-20T23:12:49.743000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-33051 | date: | 2017-11-08T00:00:00 |
| db: | VULMON | id: | CVE-2017-9377 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 101617 | date: | 2017-12-19T21:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009832 | date: | 2017-11-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-171 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-9377 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-33051 | date: | 2017-11-08T00:00:00 |
| db: | VULMON | id: | CVE-2017-9377 | date: | 2017-10-30T00:00:00 |
| db: | BID | id: | 101617 | date: | 2017-09-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009832 | date: | 2017-11-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-171 | date: | 2017-06-07T00:00:00 |
| db: | NVD | id: | CVE-2017-9377 | date: | 2017-10-30T14:29:00.923 |