CVE-2019-18828

{"id": "CVE-2019-18828", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2019-12-16T17:15:12.017", "references": [{"url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.barco.com/en/clickshare/firmware-update", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.barco.com/en/clickshare/firmware-update", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password."}, {"lang": "es", "value": "Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a 1.9.0, poseen credenciales insuficientemente protegidas. La cuenta root (presente para el acceso por medio de interfaces de depuraci\u00f3n, que por defecto no est\u00e1n habilitadas en dispositivos de producci\u00f3n) del Linux integrado en el ClickShare Button est\u00e1 usando una contrase\u00f1a d\u00e9bil."}], "lastModified": "2024-11-21T04:33:39.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7090BDE3-6955-4AE6-82FF-BB3AB9AD9620", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_cs-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0202C18-FEE5-4B0B-AEE6-793773D72393"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "022393D3-16B2-4ABB-865B-AB75D34A1D27", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_cse-200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7906FBC3-E8B5-4574-B13A-5DED4A60585B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_cse-200\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E84C6C03-91F5-4713-8B67-BA8044812F87", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_cse-200\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D18F4F1D-F306-4D4E-AA43-39D6E59013AD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4542798B-C4CE-4DE1-83A1-7B24D33F940A", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_cse-800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9ABDD364-D1A4-4D96-8367-2CBDB53954D4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}