CVE-2019-18828 — MEDIUM (6.8)

Q: How severe is CVE-2019-18828?

CVE-2019-18828 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-18828?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.

Vulnerability Description

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Barco	Clickshare Cs-100 Firmware	< 1.9.0
Barco	Clickshare Cs-100	-
Barco	Clickshare Cse-200 Firmware	< 1.9.0
Barco	Clickshare Cse-200	-
Barco	Clickshare Cse-200\+ Firmware	< 1.9.0
Barco	Clickshare Cse-200\+	-
Barco	Clickshare Cse-800 Firmware	< 1.9.0
Barco	Clickshare Cse-800	-

Related Weaknesses (CWE)

CWE-521

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory

FAQ

What is CVE-2019-18828?

CVE-2019-18828 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on produ...

How severe is CVE-2019-18828?

CVE-2019-18828 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18828?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.