Missing Integrity Check in Barco ClickShare Device
CVE-2019-18829

7.8HIGH

Key Information:

Vendor

Barco

Status
Clickshare Button R9861500d01 Firmware
Vendor
CVE Published:
17 December 2019

What is CVE-2019-18829?

Barco ClickShare Button R9861500D01 devices prior to version 1.10.0.13 are vulnerable due to a missing integrity check in the loading of dynamic DLL files. The affected device executes the 'Clickshare_For_Windows.exe' binary without verifying the integrity of the subsequently loaded DLL files, placing the system at risk for malicious exploitation. Immediate updates to the latest firmware are recommended to mitigate any security threats.

References

https://www.barco.com/en/clickshare/firmware-update
x_refsource_MISC
https://labs.f-secure.com/advisories/multiple-vulnerabili...
x_refsource_MISC
https://www.barco.com/en/clickshare/support/software/R330...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.