Details of VAR-201912-0691

ID

VAR-201912-0691

CVE

CVE-2019-18824

TITLE

Barco ClickShare Button R9861500D01 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013448

DESCRIPTION

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used. Barco ClickShare Button R9861500D01 The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can use this vulnerability to open a backdoor to the device and present specially crafted data to the user

Trust: 2.25

sources: NVD: CVE-2019-18824 // JVNDB: JVNDB-2019-013448 // CNVD: CNVD-2020-22807 // VULMON: CVE-2019-18824

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-22807

AFFECTED PRODUCTS

vendor:	barco	model:	clickshare button r9861500d01	scope:	lt	version:	1.9.0	Trust: 1.4
vendor:	barco	model:	clickshare button r9861500d01	scope:	lt	version:	1.10.0.13	Trust: 1.0

sources: CNVD: CNVD-2020-22807 // JVNDB: JVNDB-2019-013448 // NVD: CVE-2019-18824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18824
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18824
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-22807
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-771
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-18824
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-18824
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-22807
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18824
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18824
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-22807 // VULMON: CVE-2019-18824 // JVNDB: JVNDB-2019-013448 // CNNVD: CNNVD-201912-771 // NVD: CVE-2019-18824

PROBLEMTYPE DATA

problemtype:	CWE-345	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-013448 // NVD: CVE-2019-18824

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-771

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013448

PATCH

title:	Update your ClickShare device	url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 0.8
title:	Patch for Barco ClickShare Button R9861500D01 Input Verification Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/213745	Trust: 0.6
title:	Barco ClickShare Button R9861500D01 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105916	Trust: 0.6

sources: CNVD: CNVD-2020-22807 // JVNDB: JVNDB-2019-013448 // CNNVD: CNNVD-201912-771

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18824	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-013448	Trust: 0.8
db:	CNVD	id:	CNVD-2020-22807	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-771	Trust: 0.6
db:	VULMON	id:	CVE-2019-18824	Trust: 0.1

sources: CNVD: CNVD-2020-22807 // VULMON: CVE-2019-18824 // JVNDB: JVNDB-2019-013448 // CNNVD: CNNVD-201912-771 // NVD: CVE-2019-18824

REFERENCES

url:	https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/	Trust: 2.5
url:	https://www.barco.com/en/clickshare/firmware-update	Trust: 2.3
url:	https://www.barco.com/en/clickshare/support/software/r33050070?majorversion=01&minorversion=10&patchversion=00&buildversion=013	Trust: 1.7
url:	https://www.barco.com/en/clickshare/support/software/r33050069?majorversion=01&minorversion=10&patchversion=00&buildversion=013	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18824	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18824	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/345.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-22807 // VULMON: CVE-2019-18824 // JVNDB: JVNDB-2019-013448 // CNNVD: CNNVD-201912-771 // NVD: CVE-2019-18824

SOURCES

db:	CNVD	id:	CNVD-2020-22807
db:	VULMON	id:	CVE-2019-18824
db:	JVNDB	id:	JVNDB-2019-013448
db:	CNNVD	id:	CNNVD-201912-771
db:	NVD	id:	CVE-2019-18824

LAST UPDATE DATE

2024-11-23T22:41:17.288000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-22807	date:	2020-04-14T00:00:00
db:	VULMON	id:	CVE-2019-18824	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-013448	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201912-771	date:	2020-08-14T00:00:00
db:	NVD	id:	CVE-2019-18824	date:	2024-11-21T04:33:39

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-22807	date:	2020-04-14T00:00:00
db:	VULMON	id:	CVE-2019-18824	date:	2019-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-013448	date:	2020-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201912-771	date:	2019-12-17T00:00:00
db:	NVD	id:	CVE-2019-18824	date:	2019-12-17T14:15:17.747