SB2018081003 - Multiple vulnerabilities in Crestron TSW-X60 and MC3

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081003

SB2018081003 - Multiple vulnerabilities in Crestron TSW-X60 and MC3

Published: August 10, 2018

Security Bulletin ID SB2018081003
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) OS command injection (CVE-ID: CVE-2018-11228)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can submit a specially crafted input via a Bash shell service in Crestron Toolbox Protocol (CTP) and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Command injection (CVE-ID: CVE-2018-11229)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection in Crestron Toolbox Protocol (CTP). A remote unauthenticated attacker can submit a specially crafted input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Improper access control (CVE-ID: CVE-2018-10630)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. A remote unauthenticated attacker can bypass security restrictions and gain access to the CTP console.


4) Security restrictions bypass (CVE-ID: CVE-2018-13341)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. A remote unauthenticated attacker can decipher these passwords, execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.


Remediation

Install update from vendor's website.

References