CVE-2019-18832 - OpenCVE

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Barco	Clickshare Button R9861500d01 Clickshare Button R9861500d01 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:barco:clickshare_button_r9861500d01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:barco:clickshare_button_r9861500d01:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
https://www.barco.com/en/clickshare/firmware-update

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-17T13:51:58

Updated: 2024-08-05T02:02:39.781Z

Reserved: 2019-11-07T00:00:00

Link: CVE-2019-18832

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-17T14:15:17.967

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-18832

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-17T13:51:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18832", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.barco.com/en/clickshare/firmware-update", "refsource": "MISC", "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"name": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.781Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.barco.com/en/clickshare/firmware-update"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18832", "datePublished": "2019-12-17T13:51:58", "dateReserved": "2019-11-07T00:00:00", "dateUpdated": "2024-08-05T02:02:39.781Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barco:clickshare_button_r9861500d01_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99C3E881-7CCC-40BA-82EC-9D3B68C635C1", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barco:clickshare_button_r9861500d01:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDEA8D4F-FA2D-4B2A-81D5-7843FE198B23", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01."}, {"lang": "es", "value": "Los dispositivos Barco ClickShare Button R9861500D01 versiones anteriores a la versi\u00f3n 1.9.0, tienen una Gesti\u00f3n de Credenciales incorrecta. Los ClickShare Button implementan el cifrado en reposo que utiliza una clave de cifrado AES (OTP) programable de una sola vez. Esta clave se comparte en todos los dispositivos ClickShare Buttons del modelo R9861500D01."}], "id": "CVE-2019-18832", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T14:15:17.967", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/clickshare/firmware-update"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}