// For flags

CVE-2019-18833

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.

Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.9.0, permiten una exposición de información (problema 2 de 2). La clave de cifrado del contenido multimedia que se compartió entre un ClickShare Button y un ClickShare Base Unit es generada aleatoriamente para cada nueva sesión y se comunicó por medio de una conexión TLS. Un atacante que puede realizar un ataque de tipo Man-in-the-Middle entre la conexión TLS, puede obtener la clave de cifrado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-07 CVE Reserved
  • 2019-12-17 CVE Published
  • 2023-04-21 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-311: Missing Encryption of Sensitive Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Barco
Search vendor "Barco"
 Clickshare Button R9861500d01 Firmware
Search vendor "Barco" for product "Clickshare Button R9861500d01 Firmware"
 < 1.9.0
Search vendor "Barco" for product "Clickshare Button R9861500d01 Firmware" and version " < 1.9.0"
-
Affected
in Barco
Search vendor "Barco"
 Clickshare Button R9861500d01
Search vendor "Barco" for product "Clickshare Button R9861500d01"
--
Safe