Details of VAR-201912-0678

ID

VAR-201912-0678

CVE

CVE-2019-18827

TITLE

Barco ClickShare Button R9861500D01 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013804

DESCRIPTION

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. Barco ClickShare Button R9861500D01 The device contains an input validation vulnerability.Information may be obtained

Trust: 2.16

sources: NVD: CVE-2019-18827 // JVNDB: JVNDB-2019-013804 // CNVD: CNVD-2019-46445

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-46445

AFFECTED PRODUCTS

vendor:	barco	model:	clickshare cs-100	scope:	lt	version:	1.9.0	Trust: 1.8
vendor:	barco	model:	clickshare cse-200	scope:	lt	version:	1.9.0	Trust: 1.8
vendor:	barco	model:	clickshare cse-800	scope:	lt	version:	1.9.0	Trust: 1.8
vendor:	barco	model:	clickshare cse-200\+	scope:	lt	version:	1.9.0	Trust: 1.0
vendor:	barco	model:	clickshare cse-200+	scope:	lt	version:	1.9.0	Trust: 0.8
vendor:	barco	model:	clickshare button r9861500d01	scope:	lt	version:	1.9.0	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.8.2.2	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.6.1.2	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.7.0.22	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.5.0.12	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.5.2.3	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	-	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.6.4.4	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.5.1.2	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.7.1.1	Trust: 0.6
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.6.2.7	Trust: 0.6

sources: CNVD: CNVD-2019-46445 // JVNDB: JVNDB-2019-013804 // CNNVD: CNNVD-201912-728 // NVD: CVE-2019-18827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18827
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18827
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-46445
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-728
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-18827
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-46445
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18827
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18827
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-46445 // JVNDB: JVNDB-2019-013804 // CNNVD: CNNVD-201912-728 // NVD: CVE-2019-18827

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.0
problemtype:	CWE-285	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-013804 // NVD: CVE-2019-18827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-728

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-728

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013804

PATCH

title:	Update your ClickShare device	url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 0.8
title:	ClickShare CS-100 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-200 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-800 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-200+ base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	Patch for Barco ClickShare Button R9861500D01 has an unknown vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/194993	Trust: 0.6
title:	Barco ClickShare Button R9861500D01 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105993	Trust: 0.6

sources: CNVD: CNVD-2019-46445 // JVNDB: JVNDB-2019-013804 // CNNVD: CNNVD-201912-728

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18827	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-013804	Trust: 0.8
db:	CNVD	id:	CNVD-2019-46445	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-728	Trust: 0.6

sources: CNVD: CNVD-2019-46445 // JVNDB: JVNDB-2019-013804 // CNNVD: CNNVD-201912-728 // NVD: CVE-2019-18827

REFERENCES

url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 2.2
url:	https://www.barco.com/en/support/software/r33050070?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18827	Trust: 2.0
url:	https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050125?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050069?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050095?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18827	Trust: 0.8

sources: CNVD: CNVD-2019-46445 // JVNDB: JVNDB-2019-013804 // CNNVD: CNNVD-201912-728 // NVD: CVE-2019-18827

SOURCES

db:	CNVD	id:	CNVD-2019-46445
db:	JVNDB	id:	JVNDB-2019-013804
db:	CNNVD	id:	CNNVD-201912-728
db:	NVD	id:	CVE-2019-18827

LAST UPDATE DATE

2024-11-23T22:05:55.919000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46445	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013804	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-728	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-18827	date:	2024-11-21T04:33:39.447

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-46445	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013804	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-728	date:	2019-12-16T00:00:00
db:	NVD	id:	CVE-2019-18827	date:	2019-12-16T17:15:11.957