Details of VAR-201806-1058

ID

VAR-201806-1058

CVE

CVE-2018-11228

TITLE

plural Crestron Device code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006297

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). plural Crestron Device and code injection vulnerabilities exist.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the MAKEDIR command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products

Trust: 11.61

sources: NVD: CVE-2018-11228 // JVNDB: JVNDB-2018-006297 // ZDI: ZDI-18-926 // ZDI: ZDI-18-919 // ZDI: ZDI-18-937 // ZDI: ZDI-18-934 // ZDI: ZDI-18-923 // ZDI: ZDI-18-922 // ZDI: ZDI-18-935 // ZDI: ZDI-18-921 // ZDI: ZDI-18-929 // ZDI: ZDI-18-916 // ZDI: ZDI-18-938 // ZDI: ZDI-18-924 // ZDI: ZDI-18-931 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-933 // CNVD: CNVD-2018-12159

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12159

AFFECTED PRODUCTS

vendor:	crestron	model:	tsw-760	scope:	-	version:	-	Trust: 10.5
vendor:	crestron	model:	toolbox protocol	scope:	lt	version:	2.001.0037.001	Trust: 1.0
vendor:	crestron	model:	toolbox protocol	scope:	-	version:	-	Trust: 0.8
vendor:	crestron	model:	tsw-1060	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-1060-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-929 // ZDI: ZDI-18-921 // ZDI: ZDI-18-933 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-934 // ZDI: ZDI-18-937 // ZDI: ZDI-18-919 // CNVD: CNVD-2018-12159 // JVNDB: JVNDB-2018-006297 // NVD: CVE-2018-11228

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-11228
value:	HIGH
Trust: 10.5
nvd@nist.gov:	CVE-2018-11228
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-11228
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-12159
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-670
value:	CRITICAL
Trust: 0.6

ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.8
nvd@nist.gov:	CVE-2018-11228
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-11228
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-12159
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-11228
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-006297 // NVD: CVE-2018-11228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-670

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-670

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006297

PATCH

title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	Trust: 10.5
title:	CVE-2018-11228: OS COMMAND INJECTION	url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 0.8
title:	Patches for multiple Crestron product code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/132893	Trust: 0.6
title:	Multiple Crestron Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80850	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11228	Trust: 13.5
db:	ICS CERT	id:	ICSA-18-221-01	Trust: 1.8
db:	BID	id:	105051	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-006297	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6176	Trust: 0.7
db:	ZDI	id:	ZDI-18-935	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6167	Trust: 0.7
db:	ZDI	id:	ZDI-18-926	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6274	Trust: 0.7
db:	ZDI	id:	ZDI-18-1080	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6172	Trust: 0.7
db:	ZDI	id:	ZDI-18-931	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6165	Trust: 0.7
db:	ZDI	id:	ZDI-18-924	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6189	Trust: 0.7
db:	ZDI	id:	ZDI-18-938	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6156	Trust: 0.7
db:	ZDI	id:	ZDI-18-916	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6170	Trust: 0.7
db:	ZDI	id:	ZDI-18-929	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6161	Trust: 0.7
db:	ZDI	id:	ZDI-18-921	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6174	Trust: 0.7
db:	ZDI	id:	ZDI-18-933	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6163	Trust: 0.7
db:	ZDI	id:	ZDI-18-922	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6164	Trust: 0.7
db:	ZDI	id:	ZDI-18-923	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6175	Trust: 0.7
db:	ZDI	id:	ZDI-18-934	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6178	Trust: 0.7
db:	ZDI	id:	ZDI-18-937	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-6159	Trust: 0.7
db:	ZDI	id:	ZDI-18-919	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12159	Trust: 0.6
db:	CNNVD	id:	CNNVD-201806-670	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 12.3
url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11228	Trust: 1.4
url:	http://www.securityfocus.com/bid/105051	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11228	Trust: 0.8

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 10.5

SOURCES

db:	ZDI	id:	ZDI-18-935
db:	ZDI	id:	ZDI-18-926
db:	ZDI	id:	ZDI-18-1080
db:	ZDI	id:	ZDI-18-931
db:	ZDI	id:	ZDI-18-924
db:	ZDI	id:	ZDI-18-938
db:	ZDI	id:	ZDI-18-916
db:	ZDI	id:	ZDI-18-929
db:	ZDI	id:	ZDI-18-921
db:	ZDI	id:	ZDI-18-933
db:	ZDI	id:	ZDI-18-922
db:	ZDI	id:	ZDI-18-923
db:	ZDI	id:	ZDI-18-934
db:	ZDI	id:	ZDI-18-937
db:	ZDI	id:	ZDI-18-919
db:	CNVD	id:	CNVD-2018-12159
db:	JVNDB	id:	JVNDB-2018-006297
db:	CNNVD	id:	CNNVD-201806-670
db:	NVD	id:	CVE-2018-11228

LAST UPDATE DATE

2025-02-20T22:45:39.026000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-921	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-922	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-934	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-919	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-006297	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-670	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2024-11-21T03:42:56.903

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-935	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-926	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-1080	date:	2018-09-24T00:00:00
db:	ZDI	id:	ZDI-18-931	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-924	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-938	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-916	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-929	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-921	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-933	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-922	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-923	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-934	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-937	date:	2018-08-14T00:00:00
db:	ZDI	id:	ZDI-18-919	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12159	date:	2018-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-006297	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-670	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-11228	date:	2018-06-08T01:29:00.950