Vulnerability Details : CVE-2019-18830
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, contains OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.
Products affected by CVE-2019-18830
- cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18830
- EPSS score: 2.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-18830
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-18830
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18830
- https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-800 base unit firmware - Software - Barco [Product; Vendor Advisory]
- https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CS-100 base unit firmware - Software - Barco [Product; Vendor Advisory]
- https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-200+ base unit firmware - Software - Barco [Product; Vendor Advisory]
- https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
  ClickShare CSE-200 base unit firmware - Software - Barco [Product; Vendor Advisory]
- https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
  Multiple Vulnerabilities in Barco ClickShare [Third Party Advisory]
- https://www.barco.com/en/clickshare/firmware-update
  Update your ClickShare firmware - Barco [Product]