Summary
A vulnerability in the firmware of the ClickShare Base Units could allow an administrator or someone with physical access to execute commands on the device.
Barco has released a hotfix firmware update (version 2.21.1) that addresses this vulnerability.
Affected Products
This vulnerability impacts the following models:
- ClickShare C-5 and C-10
- ClickShare CX-20 and CX-30
- ClickShare Bar Pro and Core
Other models such as CS(E), as well as CX-50 and CX-50 2nd Gen, are not affected.
Fixed Firmware
Barco has released a hotfix firmware update (version 2.21.1) that addresses the vulnerability described in this advisory.
We strongly encourage all customers to update their devices as soon as possible. This update is critical, and downgrading below version 2.21.1 will not be possible.
If your firmware updates are set to automatic, you do not have to take additional actions. If you'd like to configure automatic firmware updates on your ClickShare Base Unit, check out our article here.
How to update your devices?
Update via XMS Cloud
If you'd like to choose when updates are executed or need to schedule them in bulk, access XMS Cloud. There you can also activate automatic updates or receive notifications whenever new firmware versions are available.
Manual update
To manually update the firmware on a single ClickShare Base Unit, you can either upload it through the ClickShare Configurator or use a USB stick for the update. Read the full instructions here.
If you are unable to upgrade your devices or have additional questions, please contact Barco support at www.barco.com/support.
Exploitation and Public Announcements
The Barco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.