CVE-2019-18831 : Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Expos

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate.

Published 2019-12-16 17:15:12

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-18831

Barco » Clickshare Cse-200 Firmware
Versions before (<) 1.9.0
cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Clickshare Cse-200 » Version: N/A
Barco » Clickshare Cs-100 Firmware
Versions before (<) 1.9.0
cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Clickshare Cs-100 » Version: N/A
Barco » Clickshare Cse-200+ Firmware
Versions before (<) 1.9.0
cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Clickshare Cse-200+ » Version: N/A
Barco » Clickshare Cse-800 Firmware
Versions before (<) 1.9.0
cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Barco » Clickshare Cse-800 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-18831

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-18831

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-18831

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-18831

https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

ClickShare CSE-800 base unit firmware - Software - Barco
Product;Vendor Advisory

CVEs referencing this url
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

ClickShare CS-100 base unit firmware - Software - Barco
Product

CVEs referencing this url
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

ClickShare CSE-200+ base unit firmware - Software - Barco
Product;Vendor Advisory

CVEs referencing this url
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007

ClickShare CSE-200 base unit firmware - Software - Barco
Product;Vendor Advisory

CVEs referencing this url
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Multiple Vulnerabilities in Barco ClickShare
Third Party Advisory

CVEs referencing this url
https://www.barco.com/en/clickshare/firmware-update

Update your ClickShare firmware - Barco
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-18831

Products affected by CVE-2019-18831

Exploit prediction scoring system (EPSS) score for CVE-2019-18831

CVSS scores for CVE-2019-18831

CWE ids for CVE-2019-18831

References for CVE-2019-18831