ID

VAR-201912-0681


CVE

CVE-2019-18830


TITLE

Barco ClickShare Button R9861500D01 Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-46446 // CNNVD: CNNVD-201912-720

DESCRIPTION

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Barco ClickShare Button devices contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Barco ClickShare Button R9861500D01 is a wireless control device for the demonstration system of Barco, Belgium. The dongle_bridge program embedded in Barco ClickShare Button R9861500D01 versions earlier than 1.9.0 has an operating system command injection vulnerability, which arises because externally supplied data is used to construct executable operating system commands and the network system or product does not properly filter special characters and commands. An attacker can use this vulnerability to execute illegal operating system commands.

Trust: 2.25

sources: NVD: CVE-2019-18830 // JVNDB: JVNDB-2019-013419 // CNVD: CNVD-2019-46446 // VULMON: CVE-2019-18830

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-46446

AFFECTED PRODUCTS

vendor: barco, model: clickshare cse-200+, scope: lt, version: 1.9.0

Trust: 1.0

vendor: barco, model: clickshare cs-100, scope: lt, version: 1.9.0

Trust: 1.0

vendor: barco, model: clickshare cse-800, scope: lt, version: 1.9.0

Trust: 1.0

vendor: barco, model: clickshare cse-200, scope: lt, version: 1.9.0

Trust: 1.0

vendor: barco, model: clickshare cs-100, scope: eq, version: 1.9.0

Trust: 0.8

vendor: barco, model: clickshare cse-200, scope: eq, version: 1.9.0

Trust: 0.8

vendor: barco, model: clickshare cse-200+, scope: eq, version: 1.9.0

Trust: 0.8

vendor: barco, model: clickshare cse-800, scope: eq, version: 1.9.0

Trust: 0.8

vendor: barco, model: clickshare button r9861500d01, scope: lt, version: 1.9.0

Trust: 0.6

sources: CNVD: CNVD-2019-46446 // JVNDB: JVNDB-2019-013419 // NVD: CVE-2019-18830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18830
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-18830
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-46446
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-720
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-18830
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18830
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-46446
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18830
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18830
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-46446 // VULMON: CVE-2019-18830 // JVNDB: JVNDB-2019-013419 // CNNVD: CNNVD-201912-720 // NVD: CVE-2019-18830

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-013419 // NVD: CVE-2019-18830

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-720

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-720

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013419

PATCH

title: ClickShare, url: https://www.barco.com/en/clickshare/firmware-update

Trust: 0.8

title: ClickShare CS-100 base unit firmware v1.9.1.7, url: https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Trust: 0.8

title: ClickShare CSE-200 base unit firmware v1.9.1.7, url: https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Trust: 0.8

title: ClickShare CSE-800 base unit firmware v1.9.1.7, url: https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Trust: 0.8

title: ClickShare CSE-200+ base unit firmware v1.9.1.7, url: https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

Trust: 0.8

title: Patch for Barco ClickShare Button R9861500D01 Operating System Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/194973

Trust: 0.6

title: Barco ClickShare Button R9861500D01 Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105748

Trust: 0.6

sources: CNVD: CNVD-2019-46446 // JVNDB: JVNDB-2019-013419 // CNNVD: CNNVD-201912-720

EXTERNAL IDS

db: NVD, id: CVE-2019-18830

Trust: 3.1

db: JVNDB, id: JVNDB-2019-013419

Trust: 0.8

db: CNVD, id: CNVD-2019-46446

Trust: 0.6

db: CNNVD, id: CNNVD-201912-720

Trust: 0.6

db: VULMON, id: CVE-2019-18830

Trust: 0.1

sources: CNVD: CNVD-2019-46446 // VULMON: CVE-2019-18830 // JVNDB: JVNDB-2019-013419 // CNNVD: CNNVD-201912-720 // NVD: CVE-2019-18830

REFERENCES

url:https://www.barco.com/en/support/software/r33050070?majorversion=01&minorversion=09&patchversion=01&buildversion=007

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-18830

Trust: 2.0

url:https://www.barco.com/en/support/software/r33050069?majorversion=01&minorversion=09&patchversion=01&buildversion=007

Trust: 1.7

url:https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Trust: 1.7

url:https://www.barco.com/en/support/software/r33050095?majorversion=01&minorversion=09&patchversion=01&buildversion=007

Trust: 1.7

url:https://www.barco.com/en/support/software/r33050125?majorversion=01&minorversion=09&patchversion=01&buildversion=007

Trust: 1.7

url:https://www.barco.com/en/clickshare/firmware-update

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18830

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-46446 // VULMON: CVE-2019-18830 // JVNDB: JVNDB-2019-013419 // CNNVD: CNNVD-201912-720 // NVD: CVE-2019-18830

SOURCES

db: CNVD, id: CNVD-2019-46446
db: VULMON, id: CVE-2019-18830
db: JVNDB, id: JVNDB-2019-013419
db: CNNVD, id: CNNVD-201912-720
db: NVD, id: CVE-2019-18830

LAST UPDATE DATE

2024-11-23T21:36:23.950000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-46446, date: 2019-12-23T00:00:00
db: VULMON, id: CVE-2019-18830, date: 2019-12-23T00:00:00
db: JVNDB, id: JVNDB-2019-013419, date: 2019-12-27T00:00:00
db: CNNVD, id: CNNVD-201912-720, date: 2020-06-16T00:00:00
db: NVD, id: CVE-2019-18830, date: 2024-11-21T04:33:39.907

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-46446, date: 2019-12-23T00:00:00
db: VULMON, id: CVE-2019-18830, date: 2019-12-16T00:00:00
db: JVNDB, id: JVNDB-2019-013419, date: 2019-12-27T00:00:00
db: CNNVD, id: CNNVD-201912-720, date: 2019-12-16T00:00:00
db: NVD, id: CVE-2019-18830, date: 2019-12-16T17:15:12.080