CVE-2021-38142

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
Configurations

Configuration 1 (hide)

cpe:2.3:a:barco:mirrorop_windows_sender:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:16

Type Values Removed Values Added
References () https://www.barco.com/en/support/cms - Vendor Advisory () https://www.barco.com/en/support/cms - Vendor Advisory
References () https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - Release Notes, Vendor Advisory () https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - Release Notes, Vendor Advisory

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-94 CWE-319

14 Sep 2021, 15:56

Type Values Removed Values Added
CPE cpe:2.3:a:barco:mirrorop_windows_sender:*:*:*:*:*:*:*:*
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 8.8
References (MISC) https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - (MISC) https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65 - Release Notes, Vendor Advisory
References (MISC) https://www.barco.com/en/support/cms - (MISC) https://www.barco.com/en/support/cms - Vendor Advisory

07 Sep 2021, 18:53

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-07 18:15

Updated : 2024-11-21 06:16


NVD link : CVE-2021-38142

Mitre link : CVE-2021-38142

CVE.ORG link : CVE-2021-38142


JSON object : View

Products Affected

barco

  • mirrorop_windows_sender
CWE
CWE-319

Cleartext Transmission of Sensitive Information