CVE-2019-18833

Name of the Vulnerable Software and Affected Versions Barco ClickShare Button R9861500D01 versions prior to 1.9.0

Description The issue allows information exposure. The encryption key of the media content shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who can perform a Man-in-the-Middle attack between the TLS connection can obtain the encryption key.

Recommendations For versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent Man-in-the-Middle attacks, such as verifying the identity of the ClickShare Base Unit and ensuring the TLS connection is secure.