Details of VAR-201806-1058

ID

VAR-201806-1058

CVE

CVE-2018-11228

TITLE

Crestron Multiple Products CTP Console UPDATEPASSWORD Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-935

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the RESTARTSERVICE command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products

Trust: 11.52

sources: NVD: CVE-2018-11228 // ZDI: ZDI-18-926 // ZDI: ZDI-18-915 // ZDI: ZDI-18-918 // ZDI: ZDI-18-937 // ZDI: ZDI-18-923 // ZDI: ZDI-18-925 // ZDI: ZDI-18-933 // ZDI: ZDI-18-935 // ZDI: ZDI-18-927 // ZDI: ZDI-18-929 // ZDI: ZDI-18-916 // ZDI: ZDI-18-938 // ZDI: ZDI-18-924 // ZDI: ZDI-18-931 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-928 // CNVD: CNVD-2018-12159

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12159

AFFECTED PRODUCTS

vendor:	crestron	model:	tsw-760	scope:	-	version:	-	Trust: 11.2
vendor:	crestron	model:	toolbox protocol	scope:	lt	version:	2.001.0037.001	Trust: 1.0
vendor:	crestron	model:	tsw-1060	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-1060-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-929 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-933 // ZDI: ZDI-18-925 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // NVD: CVE-2018-11228

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-11228
value:	HIGH
Trust: 11.2
nvd@nist.gov:	CVE-2018-11228
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2018-12159
value:	HIGH
Trust: 0.6

ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.8
ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
nvd@nist.gov:	CVE-2018-11228
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-12159
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-11228
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.0

sources: NVD: CVE-2018-11228

PATCH

title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	Trust: 11.2
title:	Patches for multiple Crestron product code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/132893	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11228	Trust: 12.8
db:	BID	id:	105051	Trust: 1.0
db:	ICS CERT	id:	ICSA-18-221-01	Trust: 1.0
db:	ZDI_CAN	id:	ZDI-CAN-6176	Trust: 0.7
db:	ZDI	id:	ZDI-18-935	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6167	Trust: 0.7
db:	ZDI	id:	ZDI-18-926	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6274	Trust: 0.7
db:	ZDI	id:	ZDI-18-1080	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6172	Trust: 0.7
db:	ZDI	id:	ZDI-18-931	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6165	Trust: 0.7
db:	ZDI	id:	ZDI-18-924	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6189	Trust: 0.7
db:	ZDI	id:	ZDI-18-938	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6156	Trust: 0.7
db:	ZDI	id:	ZDI-18-916	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6170	Trust: 0.7
db:	ZDI	id:	ZDI-18-929	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6168	Trust: 0.7
db:	ZDI	id:	ZDI-18-927	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6169	Trust: 0.7
db:	ZDI	id:	ZDI-18-928	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6174	Trust: 0.7
db:	ZDI	id:	ZDI-18-933	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6166	Trust: 0.7
db:	ZDI	id:	ZDI-18-925	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6164	Trust: 0.7
db:	ZDI	id:	ZDI-18-923	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6178	Trust: 0.7
db:	ZDI	id:	ZDI-18-937	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6158	Trust: 0.7
db:	ZDI	id:	ZDI-18-918	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6155	Trust: 0.7
db:	ZDI	id:	ZDI-18-915	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12159	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 12.2
url:	http://www.securityfocus.com/bid/105051	Trust: 1.0
url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11228	Trust: 0.6

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 11.2

SOURCES

db:	ZDI	id:	ZDI-18-935
db:	ZDI	id:	ZDI-18-926
db:	ZDI	id:	ZDI-18-1080
db:	ZDI	id:	ZDI-18-931
db:	ZDI	id:	ZDI-18-924
db:	ZDI	id:	ZDI-18-938
db:	ZDI	id:	ZDI-18-916
db:	ZDI	id:	ZDI-18-929
db:	ZDI	id:	ZDI-18-927
db:	ZDI	id:	ZDI-18-928
db:	ZDI	id:	ZDI-18-933
db:	ZDI	id:	ZDI-18-925
db:	ZDI	id:	ZDI-18-923
db:	ZDI	id:	ZDI-18-937
db:	ZDI	id:	ZDI-18-918
db:	ZDI	id:	ZDI-18-915
db:	CNVD	id:	CNVD-2018-12159
db:	NVD	id:	CVE-2018-11228

LAST UPDATE DATE

2024-11-19T23:24:00.891000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-927	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-928	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-925	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-918	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-915	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2019-05-02T14:48:44.913

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-927	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-928	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-925	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-918	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-915	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2018-06-08T01:29:00.950