Vulnerability Details CVE-2016-3151
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
- http://www.securityfocus.com/archive/1/539754/100/0/threaded
- http://www.securityfocus.com/bid/94330
- http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
- http://www.securityfocus.com/archive/1/539754/100/0/threaded
- http://www.securityfocus.com/bid/94330
Products affected by CVE-2016-3151
-
cpe:2.3:h:barco:clickshare_csc-1:-
-
cpe:2.3:h:barco:clickshare_cse-200:-
-
cpe:2.3:h:barco:clickshare_csm-1:-
-
cpe:2.3:o:barco:clickshare_csc-1_firmware:01.09.02.03
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:-
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:01.03.01.05
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.1.0.8
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.0.1
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.1.1
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.2.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.0.29
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.1.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.1.5
-
cpe:2.3:o:barco:clickshare_csm-1_firmware:01.06.01.04