ID

VAR-201806-1058


CVE

CVE-2018-11228


TITLE

Crestron Multiple Products CTP Console UPDATEPASSWORD Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-935

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the MAKEDIR command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Trust: 11.79

sources: NVD: CVE-2018-11228 // ZDI: ZDI-18-926 // ZDI: ZDI-18-915 // ZDI: ZDI-18-918 // ZDI: ZDI-18-937 // ZDI: ZDI-18-923 // ZDI: ZDI-18-922 // ZDI: ZDI-18-925 // ZDI: ZDI-18-935 // ZDI: ZDI-18-928 // ZDI: ZDI-18-927 // ZDI: ZDI-18-916 // ZDI: ZDI-18-938 // ZDI: ZDI-18-924 // ZDI: ZDI-18-931 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-921 // CNVD: CNVD-2018-12159 // BID: 105051

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12159

AFFECTED PRODUCTS

vendor:crestronmodel:tsw-760scope: - version: -

Trust: 11.2

vendor:crestronmodel:toolbox protocolscope:ltversion:2.001.0037.001

Trust: 1.0

vendor:crestronmodel:tsw-1060scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-760scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-560scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-1060-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-760-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-560-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-x60scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:mc3scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:tsw-x60scope:neversion:2.001.0037.001

Trust: 0.3

vendor:crestronmodel:mc3scope:neversion:1.502.0047.001

Trust: 0.3

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // BID: 105051 // NVD: CVE-2018-11228

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-11228
value: HIGH

Trust: 11.2

nvd@nist.gov: CVE-2018-11228
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2018-12159
value: HIGH

Trust: 0.6

ZDI: CVE-2018-11228
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 9.8

ZDI: CVE-2018-11228
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

nvd@nist.gov: CVE-2018-11228
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2018-12159
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-11228
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // NVD: CVE-2018-11228

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.0

sources: NVD: CVE-2018-11228

THREAT TYPE

network

Trust: 0.3

sources: BID: 105051

TYPE

Design Error

Trust: 0.3

sources: BID: 105051

PATCH

title:Crestron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Trust: 11.2

title:Patches for multiple Crestron product code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/132893

Trust: 0.6

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159

EXTERNAL IDS

db:NVDid:CVE-2018-11228

Trust: 13.1

db:ICS CERTid:ICSA-18-221-01

Trust: 1.3

db:BIDid:105051

Trust: 1.3

db:ZDI_CANid:ZDI-CAN-6176

Trust: 0.7

db:ZDIid:ZDI-18-935

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6167

Trust: 0.7

db:ZDIid:ZDI-18-926

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6274

Trust: 0.7

db:ZDIid:ZDI-18-1080

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6172

Trust: 0.7

db:ZDIid:ZDI-18-931

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6165

Trust: 0.7

db:ZDIid:ZDI-18-924

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6189

Trust: 0.7

db:ZDIid:ZDI-18-938

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6156

Trust: 0.7

db:ZDIid:ZDI-18-916

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6168

Trust: 0.7

db:ZDIid:ZDI-18-927

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6169

Trust: 0.7

db:ZDIid:ZDI-18-928

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6161

Trust: 0.7

db:ZDIid:ZDI-18-921

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6166

Trust: 0.7

db:ZDIid:ZDI-18-925

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6163

Trust: 0.7

db:ZDIid:ZDI-18-922

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6164

Trust: 0.7

db:ZDIid:ZDI-18-923

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6178

Trust: 0.7

db:ZDIid:ZDI-18-937

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6158

Trust: 0.7

db:ZDIid:ZDI-18-918

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-6155

Trust: 0.7

db:ZDIid:ZDI-18-915

Trust: 0.7

db:CNVDid:CNVD-2018-12159

Trust: 0.6

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // BID: 105051 // NVD: CVE-2018-11228

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-221-01

Trust: 12.5

url:http://www.securityfocus.com/bid/105051

Trust: 1.0

url:https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-11228

Trust: 0.6

url:https://www.crestron.com/

Trust: 0.3

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915 // CNVD: CNVD-2018-12159 // BID: 105051 // NVD: CVE-2018-11228

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 11.2

sources: ZDI: ZDI-18-935 // ZDI: ZDI-18-926 // ZDI: ZDI-18-1080 // ZDI: ZDI-18-931 // ZDI: ZDI-18-924 // ZDI: ZDI-18-938 // ZDI: ZDI-18-916 // ZDI: ZDI-18-927 // ZDI: ZDI-18-928 // ZDI: ZDI-18-921 // ZDI: ZDI-18-925 // ZDI: ZDI-18-922 // ZDI: ZDI-18-923 // ZDI: ZDI-18-937 // ZDI: ZDI-18-918 // ZDI: ZDI-18-915

SOURCES

db:ZDIid:ZDI-18-935
db:ZDIid:ZDI-18-926
db:ZDIid:ZDI-18-1080
db:ZDIid:ZDI-18-931
db:ZDIid:ZDI-18-924
db:ZDIid:ZDI-18-938
db:ZDIid:ZDI-18-916
db:ZDIid:ZDI-18-927
db:ZDIid:ZDI-18-928
db:ZDIid:ZDI-18-921
db:ZDIid:ZDI-18-925
db:ZDIid:ZDI-18-922
db:ZDIid:ZDI-18-923
db:ZDIid:ZDI-18-937
db:ZDIid:ZDI-18-918
db:ZDIid:ZDI-18-915
db:CNVDid:CNVD-2018-12159
db:BIDid:105051
db:NVDid:CVE-2018-11228

LAST UPDATE DATE

2024-12-20T22:44:40.077000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-935date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-926date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-1080date:2018-09-24T00:00:00
db:ZDIid:ZDI-18-931date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-924date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-938date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-916date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-927date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-928date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-921date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-925date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-922date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-923date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-937date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-918date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-915date:2018-08-14T00:00:00
db:CNVDid:CNVD-2018-12159date:2018-06-27T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:NVDid:CVE-2018-11228date:2024-11-21T03:42:56.903

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-935date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-926date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-1080date:2018-09-24T00:00:00
db:ZDIid:ZDI-18-931date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-924date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-938date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-916date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-927date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-928date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-921date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-925date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-922date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-923date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-937date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-918date:2018-08-14T00:00:00
db:ZDIid:ZDI-18-915date:2018-08-14T00:00:00
db:CNVDid:CNVD-2018-12159date:2018-06-27T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:NVDid:CVE-2018-11228date:2018-06-08T01:29:00.950