CVE-2019-18829

Опубликовано: 17 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.

Ссылки

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
Exploit
Third Party Advisory
https://www.barco.com/en/clickshare/firmware-update
Vendor Advisory
https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013
Vendor Advisory
https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013
Vendor Advisory
https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
Exploit
Third Party Advisory
https://www.barco.com/en/clickshare/firmware-update
Vendor Advisory
https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013
Vendor Advisory
https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01&minorVersion=10&patchVersion=00&buildVersion=013
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:barco:clickshare_button_r9861500d01_firmware:*:*:*:*:*:*:*:*

Версия до 1.10.0.13 (исключая)

cpe:2.3:h:barco:clickshare_button_r9861500d01:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-345

Связанные уязвимости

GHSA-fr4v-rqcf-22f4

github

больше 3 лет назад

Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.