Details of VAR-201807-2197

ID

VAR-201807-2197

CVE

CVE-2018-5553

TITLE

plural Crestron In device firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008012

DESCRIPTION

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access. DGE-100 , DM-DGE-200-C ,and TS-1542-C Device firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PING command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. Crestron Electronics DGE-100, DM-DGE-200-C and TS-1542-C devices are all digital graphics engine products of Crestron Electronics in the United States

Trust: 2.43

sources: NVD: CVE-2018-5553 // JVNDB: JVNDB-2018-008012 // ZDI: ZDI-18-936 // VULHUB: VHN-135584 // VULMON: CVE-2018-5553

AFFECTED PRODUCTS

vendor:	crestron	model:	dge-100	scope:	lte	version:	1.3384.00049.001	Trust: 1.8
vendor:	crestron	model:	dm-dge-200-c	scope:	lte	version:	1.3384.00049.001	Trust: 1.8
vendor:	crestron	model:	ts-1542-c	scope:	lte	version:	1.3384.00049.001	Trust: 1.8
vendor:	crestron	model:	tsw-760	scope:	-	version:	-	Trust: 0.7
vendor:	crestron	model:	dge-100	scope:	eq	version:	1.3384.00049.001	Trust: 0.6
vendor:	crestron	model:	ts-1542-c	scope:	eq	version:	1.3384.00049.001	Trust: 0.6
vendor:	crestron	model:	dm-dge-200-c	scope:	eq	version:	1.3384.00049.001	Trust: 0.6

sources: ZDI: ZDI-18-936 // JVNDB: JVNDB-2018-008012 // CNNVD: CNNVD-201807-939 // NVD: CVE-2018-5553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5553
value:	CRITICAL
Trust: 1.0
cve@rapid7.com:	CVE-2018-5553
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-5553
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2018-5553
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201807-939
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-135584
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-5553
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5553
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2018-5553
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-135584
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5553
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: ZDI: ZDI-18-936 // VULHUB: VHN-135584 // VULMON: CVE-2018-5553 // JVNDB: JVNDB-2018-008012 // CNNVD: CNNVD-201807-939 // NVD: CVE-2018-5553 // NVD: CVE-2018-5553

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-135584 // JVNDB: JVNDB-2018-008012 // NVD: CVE-2018-5553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-939

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-939

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008012

PATCH

title:	CVE-2018-5553: CRESTRON DGE-100 CONSOLE COMMAND INJECTION	url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553	Trust: 0.8
title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	Trust: 0.7
title:	DGE-100 , DM-DGE-200-C and TS-1542-C Fixes for device command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84037	Trust: 0.6
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1

sources: ZDI: ZDI-18-936 // VULMON: CVE-2018-5553 // JVNDB: JVNDB-2018-008012 // CNNVD: CNNVD-201807-939

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5553	Trust: 3.3
db:	JVNDB	id:	JVNDB-2018-008012	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6177	Trust: 0.7
db:	ZDI	id:	ZDI-18-936	Trust: 0.7
db:	CNNVD	id:	CNNVD-201807-939	Trust: 0.6
db:	VULHUB	id:	VHN-135584	Trust: 0.1
db:	VULMON	id:	CVE-2018-5553	Trust: 0.1

sources: ZDI: ZDI-18-936 // VULHUB: VHN-135584 // VULMON: CVE-2018-5553 // JVNDB: JVNDB-2018-008012 // CNNVD: CNNVD-201807-939 // NVD: CVE-2018-5553

REFERENCES

url:	https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#cve%c2%ad-2018%c2%ad-5553	Trust: 1.8
url:	https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5553	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5553	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nu11secur1ty/exp101tsarchiv30thers	Trust: 0.1

sources: ZDI: ZDI-18-936 // VULHUB: VHN-135584 // VULMON: CVE-2018-5553 // JVNDB: JVNDB-2018-008012 // CNNVD: CNNVD-201807-939 // NVD: CVE-2018-5553

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-18-936

SOURCES

db:	ZDI	id:	ZDI-18-936
db:	VULHUB	id:	VHN-135584
db:	VULMON	id:	CVE-2018-5553
db:	JVNDB	id:	JVNDB-2018-008012
db:	CNNVD	id:	CNNVD-201807-939
db:	NVD	id:	CVE-2018-5553

LAST UPDATE DATE

2024-11-23T21:38:27.456000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-936	date:	2018-08-14T00:00:00
db:	VULHUB	id:	VHN-135584	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-5553	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-008012	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-939	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-5553	date:	2024-11-21T04:09:03.720

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-936	date:	2018-08-14T00:00:00
db:	VULHUB	id:	VHN-135584	date:	2018-07-10T00:00:00
db:	VULMON	id:	CVE-2018-5553	date:	2018-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-008012	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-939	date:	2018-07-10T00:00:00
db:	NVD	id:	CVE-2018-5553	date:	2018-07-10T16:29:00.970