CVE-2019-18833

Published: Dec 17, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key.

Affected (1)

Products: Barco: Clickshare Button R9861500d01 Firmware

1 product

Clickshare Button R9861500d01 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Barco Clickshare Button R9861500d01 Firmware	Before 1.9.0

Running on/with	Platform Versions
Barco Clickshare Button R9861500d01	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.barco.com/en/clickshare/firmware-update

Source: cve@mitre.org

Vendor Advisory

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.barco.com/en/clickshare/firmware-update

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.