CVE-2019-18829 - Vulnerability Details

Vendors	Products
Barco	Clickshare Button R9861500d01 Clickshare Button R9861500d01 Firmware

Link	Providers
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
https://www.barco.com/en/clickshare/firmware-update
https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013
https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-13T16:46:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18829", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.barco.com/en/clickshare/firmware-update", "refsource": "MISC", "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"name": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"name": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013", "refsource": "CONFIRM", "url": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"name": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013", "refsource": "CONFIRM", "url": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18829", "datePublished": "2019-12-17T13:50:54", "dateReserved": "2019-11-07T00:00:00", "dateUpdated": "2024-08-05T02:02:39.555Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-08-13T16:46:44 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.barco.com/en/clickshare/firmware-update (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2019-18829 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.barco.com/en/clickshare/firmware-update (string)

refsource : MISC (string)

url : https://www.barco.com/en/clickshare/firmware-update (string)

}

1 : { »

name : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

refsource : MISC (string)

url : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

}

2 : { »

name : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

refsource : CONFIRM (string)

url : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

3 : { »

name : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

refsource : CONFIRM (string)

url : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T02:02:39.555Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.barco.com/en/clickshare/firmware-update (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2019-18829 (string)

datePublished : 2019-12-17T13:50:54 (string)

dateReserved : 2019-11-07T00:00:00 (string)

dateUpdated : 2024-08-05T02:02:39.555Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_button_r9861500d01_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC7D094-0981-4E07-89A6-3825BF56E1DD", "versionEndExcluding": "1.10.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_button_r9861500d01:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDEA8D4F-FA2D-4B2A-81D5-7843FE198B23", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity."}, {"lang": "es", "value": "Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versi\u00f3n 1.10.0.13, no poseen un soporte para la comprobaci\u00f3n de integridad. El binario firmado \"Clickshare_For_Windows.exe\" sobre el ClickShare Button (R9861500D01) carga una cantidad de archivos DLL din\u00e1micamente sin comprobar su integridad"}], "id": "CVE-2019-18829", "lastModified": "2024-11-21T04:33:39.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T14:15:17.903", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:barco:clickshare_button_r9861500d01_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BCC7D094-0981-4E07-89A6-3825BF56E1DD (string)

versionEndExcluding : 1.10.0.13 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:barco:clickshare_button_r9861500d01:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DDEA8D4F-FA2D-4B2A-81D5-7843FE198B23 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. (string)

}

1 : { »

lang : es (string)

value : Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versión 1.10.0.13, no poseen un soporte para la comprobación de integridad. El binario firmado "Clickshare_For_Windows.exe" sobre el ClickShare Button (R9861500D01) carga una cantidad de archivos DLL dinámicamente sin comprobar su integridad (string)

}

]

id : CVE-2019-18829 (string)

lastModified : 2024-11-21T04:33:39.760 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-12-17T14:15:17.903 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/firmware-update (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/ (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/firmware-update (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-345 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object