CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-38142

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 7.2

References

https://www.barco.com/en/support/cms
https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65
https://www.barco.com/en/support/cms
https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65

Products affected by CVE-2021-38142

Barco » Mirrorop Windows Sender » Version: N/A

cpe:2.3:a:barco:mirrorop_windows_sender:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-38142

Products

Pricing

Contact Us