Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
References
Link | Resource |
---|---|
https://www.barco.com/en/support/cms | Vendor Advisory |
https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 | Release Notes Vendor Advisory |
https://www.barco.com/en/support/cms | Vendor Advisory |
https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 06:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.barco.com/en/support/cms - Vendor Advisory | |
References | () https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - Release Notes, Vendor Advisory |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-319 |
14 Sep 2021, 15:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:barco:mirrorop_windows_sender:*:*:*:*:*:*:*:* | |
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 8.8 |
References | (MISC) https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - Release Notes, Vendor Advisory | |
References | (MISC) https://www.barco.com/en/support/cms - Vendor Advisory |
07 Sep 2021, 18:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-07 18:15
Updated : 2024-11-21 06:16
NVD link : CVE-2021-38142
Mitre link : CVE-2021-38142
CVE.ORG link : CVE-2021-38142
JSON object : View
Products Affected
barco
- mirrorop_windows_sender
CWE
CWE-319
Cleartext Transmission of Sensitive Information