SB2019020614 - Multiple vulnerabilities in TRMS Carousel
Published: February 6, 2019
Security Bulletin ID
SB2019020614
Severity
High
Patch available
NO
Number of vulnerabilities
4
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-14573)
The vulnerability allows a remote attacker to obtain potentially sensitive information.The vulnerability exists due to an unchanged default administrator password. A remote attacker can read arbitrary file on the system via the RenderingFetch API function.
2) Arbitrary file upload (CVE-ID: CVE-2018-18930)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to arbitrary file upload. A remote attacker can execute the reverse shell Powershell script via the web shell, upload arbitrary file and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Privilege escalation (CVE-ID: CVE-2018-18931)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.The vulnerability exists due to arbitrary file upload. A remote attacker can make the SMB port available to remote systems, authenticate via SMB with Metasploit and gain full control over the system with administrator privileges.
4) Privilege escalation (CVE-ID: CVE-2018-18929)
The vulnerability allows a remote attacker with administrative privileges can gain full access to the system.The vulnerability exists due to the Unattend.xml file left on the system included the creation of a local admin account (along with the password). A remote attacker can use an Unattend.xml file to control various settings on the new system when Windows systems are imaged.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.