10
CVE-2019-18830
- EPSS 3.35%
- Veröffentlicht 16.12.2019 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:33:39
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Barco ≫ Clickshare Cs-100 Firmware Version < 1.9.0
Barco ≫ Clickshare Cse-200 Firmware Version < 1.9.0
Barco ≫ Clickshare Cse-200+ Firmware Version < 1.9.0
Barco ≫ Clickshare Cse-800 Firmware Version < 1.9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.35% | 0.866 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.