CVE-2019-18833
https://notcve.org/view.php?id=CVE-2019-18833
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.9.0, permiten una exposición de información (problema 2 de 2). La clave de cifrado del contenido multimedia que se compartió entre un ClickShare Button y un ClickShare Base Unit es generada aleatoriamente para cada nueva sesión y se comunicó por medio de una conexión TLS. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update • CWE-311: Missing Encryption of Sensitive Data •
CVE-2019-18832
https://notcve.org/view.php?id=CVE-2019-18832
Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.9.0, tienen una Gestión de Credenciales incorrecta. Los ClickShare Button implementan el cifrado en reposo que utiliza una clave de cifrado AES (OTP) programable de una sola vez. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-18829
https://notcve.org/view.php?id=CVE-2019-18829
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.10.0.13, no poseen un soporte para la comprobación de integridad. El binario firmado "Clickshare_For_Windows.exe" sobre el ClickShare Button (R9861500D01) carga una cantidad de archivos DLL dinámicamente sin comprobar su integridad • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2019-18824
https://notcve.org/view.php?id=CVE-2019-18824
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition before being used. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.10.0.13, tienen una Falta de Soporte para la Comprobación de Integridad. Los ClickShare Button no comprueban la integridad del contenido mutable en la partición UBIFS antes de ser utilizada • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 • CWE-345: Insufficient Verification of Data Authenticity •