CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-18825
https://notcve.org/view.php?id=CVE-2019-18825
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200. Los dispositivos Barco ClickShare Huddle CS-100 versiones anteriores a la versión 1.9.0 y CSE-200 versiones anteriores a la versión 1.9.0, tienen una Gestión de Credenciales incorrecta. La ClickShare Base Unit implementa el cifrado en reposo utilizando claves de cifrado que son compartidas por medio de todas las ClickShare Base Units de los modelos CS-100 y CSE-200. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18831
https://notcve.org/view.php?id=CVE-2019-18831
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una exposición de información. El firmware de cifrado de ClickShare Button contiene la clave privada de un certificado de dispositivo de prueba. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2019-18830
https://notcve.org/view.php?id=CVE-2019-18830
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, permiten una inyección de comandos de sistema operativo. El programa integrado "dongle_bridge" utilizado para exponer las funcionalidades del botón ClickShare a un host USB, es susceptible a vulnerabilidades de inyección de comandos de sistema operativo. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18828
https://notcve.org/view.php?id=CVE-2019-18828
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password. Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, poseen credenciales insuficientemente protegidas. La cuenta root (presente para el acceso por medio de interfaces de depuración, que por defecto no están habilitadas en dispositivos de producción) del Linux integrado en el ClickShare Button está usando una contraseña débil. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-521: Weak Password Requirements •
CVSS: 5.9EPSS: 1%CPEs: 8EXPL: 0CVE-2019-18827
https://notcve.org/view.php?id=CVE-2019-18827
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. En los dispositivos Barco ClickShare Button R9861500D01 (versiones de firmware anteriores a 1.9.0) el acceso JTAG se deshabilita después de una ejecución de código ROM. Esto significa que el acceso JTAG es posible cuando el sistema ejecuta código desde ROM antes de transferir el control al firmware incorporado. • https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare https://www.barco.com/en/clickshare/firmware-update https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007 https://www.barco.com/en/support/software&# • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •