Details of VAR-201808-0436

ID

VAR-201808-0436

CVE

CVE-2018-13341

TITLE

Crestron TSW-X60 and MC3 Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-009259

DESCRIPTION

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. Crestron TSW-X60 and MC3 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to escalate privileges on affected installations of all Crestron products. Authentication is required to exploit this vulnerability.The specific flaw exists within the two built-in accounts on all Crestron devices. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator. Crestron TSW-X60 and MC3 are prone to the following multiple security vulnerabilities: 1. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Trust: 2.61

sources: NVD: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // ZDI: ZDI-18-920 // BID: 105051 // VULMON: CVE-2018-13341

AFFECTED PRODUCTS

vendor:	crestron	model:	mc3	scope:	lt	version:	1.502.0047.00	Trust: 1.8
vendor:	crestron	model:	tsw-x60	scope:	lt	version:	2.001.0037.001	Trust: 1.8
vendor:	crestron	model:	tsw-760	scope:	-	version:	-	Trust: 0.7
vendor:	crestron	model:	tsw-x60	scope:	eq	version:	0	Trust: 0.3
vendor:	crestron	model:	mc3	scope:	eq	version:	0	Trust: 0.3
vendor:	crestron	model:	tsw-x60	scope:	ne	version:	2.001.0037.001	Trust: 0.3
vendor:	crestron	model:	mc3	scope:	ne	version:	1.502.0047.001	Trust: 0.3

sources: ZDI: ZDI-18-920 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2018-13341
value:	HIGH
Trust: 1.8
ZDI:	CVE-2018-13341
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201808-286
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-13341
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2018-13341
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
ZDI:	CVE-2018-13341
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2018-13341
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-286

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-286

CONFIGURATIONS

sources: NVD: CVE-2018-13341

PATCH

title:	Top Page	url:	https://www.crestron.com/	Trust: 0.8
title:	Crestron has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 0.7
title:	Crestron TSW-X60 and MC3 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83912	Trust: 0.6
title:	CVE-2018-13341	url:	https://github.com/rajchowdhury420/cve-2018-13341	Trust: 0.1
title:	crestron_getsudopwd	url:	https://github.com/axcheron/crestron_getsudopwd	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xt11/cve-poc	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // CNNVD: CNNVD-201808-286

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13341	Trust: 3.5
db:	ICS CERT	id:	ICSA-18-221-01	Trust: 2.8
db:	BID	id:	105051	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-009259	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6160	Trust: 0.7
db:	ZDI	id:	ZDI-18-920	Trust: 0.7
db:	CNNVD	id:	CNNVD-201808-286	Trust: 0.6
db:	VULMON	id:	CVE-2018-13341	Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-221-01	Trust: 3.6
url:	http://www.securityfocus.com/bid/105051	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13341	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13341	Trust: 0.8
url:	https://www.crestron.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/rajchowdhury420/cve-2018-13341	Trust: 0.1
url:	https://github.com/axcheron/crestron_getsudopwd	Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-18-920

SOURCES

db:	ZDI	id:	ZDI-18-920
db:	VULMON	id:	CVE-2018-13341
db:	BID	id:	105051
db:	JVNDB	id:	JVNDB-2018-009259
db:	NVD	id:	CVE-2018-13341
db:	CNNVD	id:	CNNVD-201808-286

LAST UPDATE DATE

2023-12-18T12:43:54.687000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-920	date:	2018-08-14T00:00:00
db:	VULMON	id:	CVE-2018-13341	date:	2019-10-03T00:00:00
db:	BID	id:	105051	date:	2018-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-009259	date:	2018-11-13T00:00:00
db:	NVD	id:	CVE-2018-13341	date:	2019-10-03T00:03:26.223
db:	CNNVD	id:	CNNVD-201808-286	date:	2019-10-23T00:00:00

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-920	date:	2018-08-14T00:00:00
db:	VULMON	id:	CVE-2018-13341	date:	2018-08-10T00:00:00
db:	BID	id:	105051	date:	2018-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-009259	date:	2018-11-13T00:00:00
db:	NVD	id:	CVE-2018-13341	date:	2018-08-10T19:29:00.380
db:	CNNVD	id:	CNNVD-201808-286	date:	2018-08-13T00:00:00