CVE-2024-53919

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53919
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://cwe.mitre.org/data/definitions/78.html
https://www.barco.com/en/support/knowledge-base/15008-clickshare-cve-2024-53919
Configurations

No configuration.

History

10 Dec 2024, 16:15

Type Values Removed Values Added
CWE CWE-77
Summary
  • (es) Una vulnerabilidad de inyección en los modelos Barco ClickShare CX-30/20, C-5/10 y ClickShare Bar Pro y Core, que ejecutan firmware anterior a 2.21.1, permite a atacantes físicamente próximos o administradores locales a la interfaz de usuario web activar la ejecución de comandos a nivel de sistema operativo como superusuario.

10 Dec 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-10 02:15

Updated : 2024-12-10 16:15

NVD link : CVE-2024-53919

Mitre link : CVE-2024-53919

CVE.ORG link : CVE-2024-53919

JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')