Details of VAR-201912-0679

ID

VAR-201912-0679

CVE

CVE-2019-18828

TITLE

Barco ClickShare Button Vulnerability related to information leak from cache in device

Trust: 0.8

sources: JVNDB: JVNDB-2019-013418

DESCRIPTION

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Barco ClickShare Button The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability originated from the program's insufficient protection of credentials, and an attacker could use this vulnerability to gain root user identity

Trust: 2.16

sources: NVD: CVE-2019-18828 // JVNDB: JVNDB-2019-013418 // CNVD: CNVD-2019-46444

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-46444

AFFECTED PRODUCTS

vendor:	barco	model:	clickshare cse-200\+	scope:	lt	version:	1.9.0	Trust: 1.0
vendor:	barco	model:	clickshare cs-100	scope:	lt	version:	1.9.0	Trust: 1.0
vendor:	barco	model:	clickshare cse-800	scope:	lt	version:	1.9.0	Trust: 1.0
vendor:	barco	model:	clickshare cse-200	scope:	lt	version:	1.9.0	Trust: 1.0
vendor:	barco	model:	clickshare cs-100	scope:	eq	version:	1.9.0	Trust: 0.8
vendor:	barco	model:	clickshare cse-200	scope:	eq	version:	1.9.0	Trust: 0.8
vendor:	barco	model:	clickshare cse-200+	scope:	eq	version:	1.9.0	Trust: 0.8
vendor:	barco	model:	clickshare cse-800	scope:	eq	version:	1.9.0	Trust: 0.8
vendor:	barco	model:	clickshare button r9861500d01	scope:	lt	version:	1.9.0	Trust: 0.6

sources: CNVD: CNVD-2019-46444 // JVNDB: JVNDB-2019-013418 // NVD: CVE-2019-18828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18828
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18828
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-46444
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-727
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-18828
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-46444
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18828
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18828
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-46444 // JVNDB: JVNDB-2019-013418 // CNNVD: CNNVD-201912-727 // NVD: CVE-2019-18828

PROBLEMTYPE DATA

problemtype:	CWE-521	Trust: 1.0
problemtype:	CWE-522	Trust: 0.8

sources: JVNDB: JVNDB-2019-013418 // NVD: CVE-2019-18828

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-727

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013418

PATCH

title:	ClickShare	url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 0.8
title:	ClickShare CS-100 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-200 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-800 base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	ClickShare CSE-200+ base unit firmware v1.9.1.7	url:	https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007	Trust: 0.8
title:	Patch for Barco ClickShare Button R9861500D01 Insufficient Credential Protection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/194987	Trust: 0.6
title:	Barco ClickShare Button R9861500D01 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105750	Trust: 0.6

sources: CNVD: CNVD-2019-46444 // JVNDB: JVNDB-2019-013418 // CNNVD: CNNVD-201912-727

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18828	Trust: 3.0
db:	JVN	id:	JVNVU93632155	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013418	Trust: 0.8
db:	CNVD	id:	CNVD-2019-46444	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-727	Trust: 0.6

sources: CNVD: CNVD-2019-46444 // JVNDB: JVNDB-2019-013418 // CNNVD: CNNVD-201912-727 // NVD: CVE-2019-18828

REFERENCES

url:	https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/	Trust: 2.2
url:	https://www.barco.com/en/support/software/r33050069?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18828	Trust: 2.0
url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050070?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050125?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://www.barco.com/en/support/software/r33050095?majorversion=01&minorversion=09&patchversion=01&buildversion=007	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18828	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93632155/	Trust: 0.8

sources: CNVD: CNVD-2019-46444 // JVNDB: JVNDB-2019-013418 // CNNVD: CNNVD-201912-727 // NVD: CVE-2019-18828

SOURCES

db:	CNVD	id:	CNVD-2019-46444
db:	JVNDB	id:	JVNDB-2019-013418
db:	CNNVD	id:	CNNVD-201912-727
db:	NVD	id:	CVE-2019-18828

LAST UPDATE DATE

2024-11-23T19:30:54.657000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-46444	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013418	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-727	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-18828	date:	2024-11-21T04:33:39.600

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-46444	date:	2019-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-013418	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201912-727	date:	2019-12-16T00:00:00
db:	NVD	id:	CVE-2019-18828	date:	2019-12-16T17:15:12.017