ID

VAR-201806-1072


CVE

CVE-2018-11229


TITLE

plural Crestron Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-006298

DESCRIPTION

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). plural Crestron The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestron's WindowCE-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNCH' command. An attacker can leverage this vulnerability to escape the CTP console's sandbox environment to execute commands with elevated privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Trust: 3.06

sources: NVD: CVE-2018-11229 // JVNDB: JVNDB-2018-006298 // ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12158

AFFECTED PRODUCTS

vendor:crestronmodel:toolbox protocolscope:ltversion:2.001.0037.001

Trust: 1.0

vendor:crestronmodel:toolbox protocolscope: - version: -

Trust: 0.8

vendor:crestronmodel:mc3scope: - version: -

Trust: 0.7

vendor:crestronmodel:tsw-1060scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-760scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-560scope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-1060-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-760-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-560-ncscope:ltversion:2.001.0037.001

Trust: 0.6

vendor:crestronmodel:tsw-x60scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:mc3scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:tsw-x60scope:neversion:2.001.0037.001

Trust: 0.3

vendor:crestronmodel:mc3scope:neversion:1.502.0047.001

Trust: 0.3

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // NVD: CVE-2018-11229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11229
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11229
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-11229
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-12158
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-669
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-11229
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-11229
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-12158
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-11229
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 0.8

sources: JVNDB: JVNDB-2018-006298 // NVD: CVE-2018-11229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-669

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-669

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006298

PATCH

title:CVE-2018-11229: OS COMMAND INJECTIONurl:https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet

Trust: 0.8

title:Crestron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Trust: 0.7

title:Patches for multiple Crestron product code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/132895

Trust: 0.6

title:Multiple Crestron Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80849

Trust: 0.6

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669

EXTERNAL IDS

db:NVDid:CVE-2018-11229

Trust: 4.0

db:ICS CERTid:ICSA-18-221-01

Trust: 2.7

db:BIDid:105051

Trust: 1.9

db:JVNDBid:JVNDB-2018-006298

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6171

Trust: 0.7

db:ZDIid:ZDI-18-930

Trust: 0.7

db:CNVDid:CNVD-2018-12158

Trust: 0.6

db:CNNVDid:CNNVD-201806-669

Trust: 0.6

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-221-01

Trust: 3.4

url:https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet

Trust: 2.2

url:http://www.securityfocus.com/bid/105051

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11229

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11229

Trust: 0.8

url:https://www.crestron.com/

Trust: 0.3

sources: ZDI: ZDI-18-930 // CNVD: CNVD-2018-12158 // BID: 105051 // JVNDB: JVNDB-2018-006298 // CNNVD: CNNVD-201806-669 // NVD: CVE-2018-11229

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-18-930

SOURCES

db:ZDIid:ZDI-18-930
db:CNVDid:CNVD-2018-12158
db:BIDid:105051
db:JVNDBid:JVNDB-2018-006298
db:CNNVDid:CNNVD-201806-669
db:NVDid:CVE-2018-11229

LAST UPDATE DATE

2024-08-14T13:45:36.798000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-930date:2018-08-14T00:00:00
db:CNVDid:CNVD-2018-12158date:2018-06-27T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:JVNDBid:JVNDB-2018-006298date:2018-08-15T00:00:00
db:CNNVDid:CNNVD-201806-669date:2019-05-14T00:00:00
db:NVDid:CVE-2018-11229date:2019-05-13T18:31:15.047

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-930date:2018-08-14T00:00:00
db:CNVDid:CNVD-2018-12158date:2018-06-27T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:JVNDBid:JVNDB-2018-006298date:2018-08-15T00:00:00
db:CNNVDid:CNNVD-201806-669date:2018-06-11T00:00:00
db:NVDid:CVE-2018-11229date:2018-06-08T01:29:00.997