CVE-2019-18829

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed Clickshare_For_Windows.exe binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name	Vendor	Start Version	End Version
Clickshare_button_r9861500d01_firmware	Barco	*	1.10.0.13 (excluding)

https://cwe.mitre.org/data/definitions/111.html
https://cwe.mitre.org/data/definitions/141.html
https://cwe.mitre.org/data/definitions/142.html
https://cwe.mitre.org/data/definitions/148.html
https://cwe.mitre.org/data/definitions/218.html
https://cwe.mitre.org/data/definitions/384.html
https://cwe.mitre.org/data/definitions/385.html
https://cwe.mitre.org/data/definitions/386.html
https://cwe.mitre.org/data/definitions/387.html
https://cwe.mitre.org/data/definitions/388.html
https://cwe.mitre.org/data/definitions/665.html
https://cwe.mitre.org/data/definitions/701.html

References

https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/
https://www.barco.com/en/clickshare/firmware-update
https://www.barco.com/en/clickshare/support/software/R33050069?majorVersion=01\u0026minorVersion=10\u0026patchVersion=00\u0026buildVersion=013
https://www.barco.com/en/clickshare/support/software/R33050070?majorVersion=01\u0026minorVersion=10\u0026patchVersion=00\u0026buildVersion=013

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-18829
CWE	https://cwe.mitre.org/data/definitions/345.html

Insufficient Verification of Data Authenticity

Weakness

Affected Software

Related Attack Patterns

References