Details of VAR-201806-1058

ID

VAR-201806-1058

CVE

CVE-2018-11228

TITLE

Crestron Multiple Products CTP Console UPDATEPASSWORD Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-935

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products

Trust: 11.61

sources: NVD: CVE-2018-11228 // ZDI: ZDI-18-926 // ZDI: ZDI-18-915 // ZDI: ZDI-18-917 // ZDI: ZDI-18-937 // ZDI: ZDI-18-934 // ZDI: ZDI-18-923 // ZDI: ZDI-18-925 // ZDI: ZDI-18-935 // ZDI: ZDI-18-927 // ZDI: ZDI-18-929 // ZDI: ZDI-18-916 // ZDI: ZDI-18-938 // ZDI: ZDI-18-924 // ZDI: ZDI-18-931 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-933 // CNVD: CNVD-2018-12159 // VULMON: CVE-2018-11228

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12159

AFFECTED PRODUCTS

vendor:	crestron	model:	tsw-760	scope:	-	version:	-	Trust: 11.2
vendor:	crestron	model:	toolbox protocol	scope:	lt	version:	2.001.0037.001	Trust: 1.0
vendor:	crestron	model:	tsw-1060	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-1060-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-929 // ZDI: ZDI-18-927 // ZDI: ZDI-18-933 // ZDI: ZDI-18-925 // ZDI: ZDI-18-923 // ZDI: ZDI-18-934 // ZDI: ZDI-18-937 // ZDI: ZDI-18-917 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // NVD: CVE-2018-11228

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-11228
value:	HIGH
Trust: 11.2
nvd@nist.gov:	CVE-2018-11228
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2018-12159
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-11228
value:	HIGH
Trust: 0.1

ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.8
ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
nvd@nist.gov:	CVE-2018-11228
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2018-12159
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-11228
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2018-11228

PATCH

title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	Trust: 11.2
title:	Patches for multiple Crestron product code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/132893	Trust: 0.6
title:	crestron_getsudopwd	url:	https://github.com/axcheron/crestron_getsudopwd	Trust: 0.1
title:	CVE-2018-13341	url:	https://github.com/Rajchowdhury420/CVE-2018-13341	Trust: 0.1

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11228	Trust: 12.9
db:	BID	id:	105051	Trust: 1.1
db:	ICS CERT	id:	ICSA-18-221-01	Trust: 1.1
db:	ZDI_CAN	id:	ZDI-CAN-6176	Trust: 0.7
db:	ZDI	id:	ZDI-18-935	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6167	Trust: 0.7
db:	ZDI	id:	ZDI-18-926	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6274	Trust: 0.7
db:	ZDI	id:	ZDI-18-1080	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6172	Trust: 0.7
db:	ZDI	id:	ZDI-18-931	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6165	Trust: 0.7
db:	ZDI	id:	ZDI-18-924	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6189	Trust: 0.7
db:	ZDI	id:	ZDI-18-938	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6156	Trust: 0.7
db:	ZDI	id:	ZDI-18-916	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6170	Trust: 0.7
db:	ZDI	id:	ZDI-18-929	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6168	Trust: 0.7
db:	ZDI	id:	ZDI-18-927	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6174	Trust: 0.7
db:	ZDI	id:	ZDI-18-933	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6166	Trust: 0.7
db:	ZDI	id:	ZDI-18-925	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6164	Trust: 0.7
db:	ZDI	id:	ZDI-18-923	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6175	Trust: 0.7
db:	ZDI	id:	ZDI-18-934	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6178	Trust: 0.7
db:	ZDI	id:	ZDI-18-937	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6157	Trust: 0.7
db:	ZDI	id:	ZDI-18-917	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6155	Trust: 0.7
db:	ZDI	id:	ZDI-18-915	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12159	Trust: 0.6
db:	VULMON	id:	CVE-2018-11228	Trust: 0.1

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 12.4
url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 1.1
url:	http://www.securityfocus.com/bid/105051	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11228	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/94.html	Trust: 0.1
url:	https://github.com/axcheron/crestron_getsudopwd	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 11.2

SOURCES

db:	ZDI	id:	ZDI-18-935
db:	ZDI	id:	ZDI-18-926
db:	ZDI	id:	ZDI-18-1080
db:	ZDI	id:	ZDI-18-931
db:	ZDI	id:	ZDI-18-924
db:	ZDI	id:	ZDI-18-938
db:	ZDI	id:	ZDI-18-916
db:	ZDI	id:	ZDI-18-929
db:	ZDI	id:	ZDI-18-927
db:	ZDI	id:	ZDI-18-933
db:	ZDI	id:	ZDI-18-925
db:	ZDI	id:	ZDI-18-923
db:	ZDI	id:	ZDI-18-934
db:	ZDI	id:	ZDI-18-937
db:	ZDI	id:	ZDI-18-917
db:	ZDI	id:	ZDI-18-915
db:	CNVD	id:	CNVD-2018-12159
db:	VULMON	id:	CVE-2018-11228
db:	NVD	id:	CVE-2018-11228

LAST UPDATE DATE

2025-04-26T22:46:19.569000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-927	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-925	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-934	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-917	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-915	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	VULMON	id:	CVE-2018-11228	date:	2019-05-02T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2024-11-21T03:42:56.903

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-927	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-925	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-934	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-917	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-915	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	VULMON	id:	CVE-2018-11228	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2018-06-08T01:29:00.950