Vulnerability Details : CVE-2019-18828
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.
Products affected by CVE-2019-18828
- cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18828
- 0.36%: Probability of exploitation activity in the next 30 days
- ~69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18828
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | |
CWE ids for CVE-2019-18828
- The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18828
- https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-800 base unit firmware - Software - Barco (Product; Vendor Advisory)
- https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CS-100 base unit firmware - Software - Barco (Product; Vendor Advisory)
- https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-200+ base unit firmware - Software - Barco (Product; Vendor Advisory)
- https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-200 base unit firmware - Software - Barco (Product; Vendor Advisory)
- https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
  Multiple Vulnerabilities in Barco ClickShare (Third Party Advisory)
- https://www.barco.com/en/clickshare/firmware-update
  Update your ClickShare firmware - Barco (Product)