Details of VAR-201806-1072

ID

VAR-201806-1072

CVE

CVE-2018-11229

TITLE

plural Crestron Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-006298

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). plural Crestron The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestron's WindowCE-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNCH' command. An attacker can leverage this vulnerability to escape the CTP console's sandbox environment to execute commands with elevated privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Trust: 3.06

sources: NVD: CVE-2018-11229 // JVNDB: JVNDB-2018-006298 // ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12158

AFFECTED PRODUCTS

vendor:	crestron	model:	toolbox protocol	scope:	lt	version:	2.001.0037.001	Trust: 1.0
vendor:	crestron	model:	toolbox protocol	scope:	-	version:	-	Trust: 0.8
vendor:	crestron	model:	mc3	scope:	-	version:	-	Trust: 0.7
vendor:	crestron	model:	tsw-1060	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-1060-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-760-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-560-nc	scope:	lt	version:	2.001.0037.001	Trust: 0.6
vendor:	crestron	model:	tsw-x60	scope:	eq	version:	0	Trust: 0.3
vendor:	crestron	model:	mc3	scope:	eq	version:	0	Trust: 0.3
vendor:	crestron	model:	tsw-x60	scope:	ne	version:	2.001.0037.001	Trust: 0.3
vendor:	crestron	model:	mc3	scope:	ne	version:	1.502.0047.001	Trust: 0.3

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // NVD: CVE-2018-11229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11229
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-11229
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2018-11229
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-12158
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-669
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-11229
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-11229
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-12158
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-11229
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-77	Trust: 0.8

sources: JVNDB: JVNDB-2018-006298 // NVD: CVE-2018-11229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-669

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-669

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006298

PATCH

title:	CVE-2018-11229: OS COMMAND INJECTION	url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 0.8
title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	Trust: 0.7
title:	Patches for multiple Crestron product code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/132895	Trust: 0.6
title:	Multiple Crestron Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80849	Trust: 0.6

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11229	Trust: 4.0
db:	ICS CERT	id:	ICSA-18-221-01	Trust: 2.7
db:	BID	id:	105051	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-006298	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6171	Trust: 0.7
db:	ZDI	id:	ZDI-18-930	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12158	Trust: 0.6
db:	CNNVD	id:	CNNVD-201806-669	Trust: 0.6

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 3.4
url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet	Trust: 2.2
url:	http://www.securityfocus.com/bid/105051	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11229	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11229	Trust: 0.8
url:	https://www.crestron.com/	Trust: 0.3

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-18-930

SOURCES

db:	ZDI	id:	ZDI-18-930
db:	CNVD	id:	CNVD-2018-12158
db:	BID	id:	105051
db:	JVNDB	id:	JVNDB-2018-006298
db:	CNNVD	id:	CNNVD-201806-669
db:	NVD	id:	CVE-2018-11229

LAST UPDATE DATE

2024-08-14T13:45:36.798000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-930	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12158	date:	2018-06-27T00:00:00
db:	BID	id:	105051	date:	2018-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-006298	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-669	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2018-11229	date:	2019-05-13T18:31:15.047

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-930	date:	2018-08-14T00:00:00
db:	CNVD	id:	CNVD-2018-12158	date:	2018-06-27T00:00:00
db:	BID	id:	105051	date:	2018-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-006298	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-669	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-11229	date:	2018-06-08T01:29:00.997