CVE-2019-18827 — MEDIUM (5.9)

Q: How severe is CVE-2019-18827?

CVE-2019-18827 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-18827?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.

Vulnerability Description

On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Barco	Clickshare Cs-100 Firmware	< 1.9.0
Barco	Clickshare Cs-100	-
Barco	Clickshare Cse-200 Firmware	< 1.9.0
Barco	Clickshare Cse-200	-
Barco	Clickshare Cse-200\+ Firmware	< 1.9.0
Barco	Clickshare Cse-200\+	-
Barco	Clickshare Cse-800 Firmware	< 1.9.0
Barco	Clickshare Cse-800	-

Related Weaknesses (CWE)

CWE-362 CWE-285

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory

FAQ

What is CVE-2019-18827?

CVE-2019-18827 is a vulnerability with a CVSS score of 5.9 (MEDIUM). On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code...

How severe is CVE-2019-18827?

CVE-2019-18827 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18827?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.