CVE-2019-18830 — CRITICAL (9.8)

Q: How severe is CVE-2019-18830?

CVE-2019-18830 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-18830?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.

Vulnerability Description

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Barco	Clickshare Cs-100 Firmware	< 1.9.0
Barco	Clickshare Cs-100	-
Barco	Clickshare Cse-200 Firmware	< 1.9.0
Barco	Clickshare Cse-200	-
Barco	Clickshare Cse-200\+ Firmware	< 1.9.0
Barco	Clickshare Cse-200\+	-
Barco	Clickshare Cse-800 Firmware	< 1.9.0
Barco	Clickshare Cse-800	-

Related Weaknesses (CWE)

CWE-78

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clicksharThird Party Advisory
https://www.barco.com/en/clickshare/firmware-updateProduct
https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersionProductVendor Advisory
https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersionProductVendor Advisory

FAQ

What is CVE-2019-18830?

CVE-2019-18830 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is ...

How severe is CVE-2019-18830?

CVE-2019-18830 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-18830?

Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Cs-100 Firmware, Barco Clickshare Cs-100, Barco Clickshare Cse-200 Firmware, Barco Clickshare Cse-200, Barco Clickshare Cse-200\+ Firmware.