PT-2019-15689 · Barco · Clickshare Button+1

Published

2019-12-17

Updated

2019-12-26

CVE-2019-18833

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Barco ClickShare Button R9861500D01 versions prior to 1.9.0

Description The issue allows information exposure. The encryption key of the media content shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who can perform a Man-in-the-Middle attack between the TLS connection can obtain the encryption key.

Recommendations For versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent Man-in-the-Middle attacks, such as verifying the identity of the ClickShare Base Unit and ensuring the TLS connection is secure.

Exploit

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2019-18833

Affected Products

Clickshare Base Unit

Clickshare Button

PT-2019-15689 · Barco · Clickshare Button+1

CVE-2019-18833

Weakness Enumeration

Related Identifiers

Affected Products

References · 4