CVE-2019-18827
Severity CVSS v4.0: Pending analysis
Type: CWE-285 Improper Authorization
Publication date: 16/12/2019
Last modified: 21/07/2021
Description
On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware.
Impact
Base Score 3.x: 5.90
Severity 3.x: MEDIUM
Base Score 2.0: 4.30
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:barco:clickshare_cs-100_firmware:*:*:*:*:*:*:*:* | | 1.9.0 (excluding) |
cpe:2.3:h:barco:clickshare_cs-100:-:*:*:*:*:*:*:* | | |
cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:* | | 1.9.0 (excluding) |
cpe:2.3:h:barco:clickshare_cse-200:-:*:*:*:*:*:*:* | | |
cpe:2.3:o:barco:clickshare_cse-200\+_firmware:*:*:*:*:*:*:*:* | | 1.9.0 (excluding) |
cpe:2.3:h:barco:clickshare_cse-200\+:-:*:*:*:*:*:*:* | | |
cpe:2.3:o:barco:clickshare_cse-800_firmware:*:*:*:*:*:*:*:* | | 1.9.0 (excluding) |
cpe:2.3:h:barco:clickshare_cse-800:-:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
- https://www.barco.com/en/clickshare/firmware-update
- https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
- https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
- https://www.barco.com/en/support/software/R33050095?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007
- https://www.barco.com/en/support/software/R33050125?majorVersion=01&minorVersion=09&patchVersion=01&buildVersion=007