ID

VAR-201808-0436


CVE

CVE-2018-13341


TITLE

Crestron TSW-X60 and MC3 Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-009259

DESCRIPTION

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. Crestron TSW-X60 and MC3 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to escalate privileges on affected installations of all Crestron products. Authentication is required to exploit this vulnerability.The specific flaw exists within the two built-in accounts on all Crestron devices. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator. Crestron TSW-X60 and MC3 are prone to the following multiple security vulnerabilities: 1. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions

Trust: 2.61

sources: NVD: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // ZDI: ZDI-18-920 // BID: 105051 // VULMON: CVE-2018-13341

AFFECTED PRODUCTS

vendor:crestronmodel:mc3scope:ltversion:1.502.0047.00

Trust: 1.8

vendor:crestronmodel:tsw-x60scope:ltversion:2.001.0037.001

Trust: 1.8

vendor:crestronmodel:tsw-760scope: - version: -

Trust: 0.7

vendor:crestronmodel:tsw-x60scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:mc3scope:eqversion:0

Trust: 0.3

vendor:crestronmodel:tsw-x60scope:neversion:2.001.0037.001

Trust: 0.3

vendor:crestronmodel:mc3scope:neversion:1.502.0047.001

Trust: 0.3

sources: ZDI: ZDI-18-920 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-13341
value: HIGH

Trust: 1.8

ZDI: CVE-2018-13341
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201808-286
value: HIGH

Trust: 0.6

VULMON: CVE-2018-13341
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2018-13341
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

ZDI: CVE-2018-13341
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2018-13341
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-286

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-286

CONFIGURATIONS

sources: NVD: CVE-2018-13341

PATCH

title:Top Pageurl:https://www.crestron.com/

Trust: 0.8

title:Crestron has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/icsa-18-221-01

Trust: 0.7

title:Crestron TSW-X60 and MC3 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83912

Trust: 0.6

title:CVE-2018-13341url:https://github.com/rajchowdhury420/cve-2018-13341

Trust: 0.1

title:crestron_getsudopwdurl:https://github.com/axcheron/crestron_getsudopwd

Trust: 0.1

title: - url:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:CVE-POCurl:https://github.com/0xt11/cve-poc

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/poc-in-github

Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // JVNDB: JVNDB-2018-009259 // CNNVD: CNNVD-201808-286

EXTERNAL IDS

db:NVDid:CVE-2018-13341

Trust: 3.5

db:ICS CERTid:ICSA-18-221-01

Trust: 2.8

db:BIDid:105051

Trust: 2.0

db:JVNDBid:JVNDB-2018-009259

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6160

Trust: 0.7

db:ZDIid:ZDI-18-920

Trust: 0.7

db:CNNVDid:CNNVD-201808-286

Trust: 0.6

db:VULMONid:CVE-2018-13341

Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-221-01

Trust: 3.6

url:http://www.securityfocus.com/bid/105051

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13341

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13341

Trust: 0.8

url:https://www.crestron.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/rajchowdhury420/cve-2018-13341

Trust: 0.1

url:https://github.com/axcheron/crestron_getsudopwd

Trust: 0.1

sources: ZDI: ZDI-18-920 // VULMON: CVE-2018-13341 // BID: 105051 // JVNDB: JVNDB-2018-009259 // NVD: CVE-2018-13341 // CNNVD: CNNVD-201808-286

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-18-920

SOURCES

db:ZDIid:ZDI-18-920
db:VULMONid:CVE-2018-13341
db:BIDid:105051
db:JVNDBid:JVNDB-2018-009259
db:NVDid:CVE-2018-13341
db:CNNVDid:CNNVD-201808-286

LAST UPDATE DATE

2023-12-18T12:43:54.687000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-920date:2018-08-14T00:00:00
db:VULMONid:CVE-2018-13341date:2019-10-03T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:JVNDBid:JVNDB-2018-009259date:2018-11-13T00:00:00
db:NVDid:CVE-2018-13341date:2019-10-03T00:03:26.223
db:CNNVDid:CNNVD-201808-286date:2019-10-23T00:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-920date:2018-08-14T00:00:00
db:VULMONid:CVE-2018-13341date:2018-08-10T00:00:00
db:BIDid:105051date:2018-08-09T00:00:00
db:JVNDBid:JVNDB-2018-009259date:2018-11-13T00:00:00
db:NVDid:CVE-2018-13341date:2018-08-10T19:29:00.380
db:CNNVDid:CNNVD-201808-286date:2018-08-13T00:00:00