Multiple vulnerabilities in TRMS Carousel
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-14573 CVE-2018-18930 CVE-2018-18931 CVE-2018-18929 |
| CWE-ID | CWE-200 CWE-434 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Carousel Web applications / Remote management & hosting panels |
| Vendor | Tightrope |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU17393
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-14573
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to an unchanged default administrator password. A remote attacker can read arbitrary file on the system via the RenderingFetch API function.
Patch will be available on February 8.
Vulnerable software versionsCarousel: 7.0.0 - 7.0.4.104
External linkshttp://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Arbitrary file upload
EUVDB-ID: #VU17394
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-18930
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to arbitrary file upload. A remote attacker can execute the reverse shell Powershell script via the web shell, upload arbitrary file and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Patch will be available on February 8.
Vulnerable software versionsCarousel: 7.0.0 - 7.0.4.104
External linkshttp://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU17395
Risk: Low
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-18931
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges on the target system.
The vulnerability exists due to arbitrary file upload. A remote attacker can make the SMB port available to remote systems, authenticate via SMB with Metasploit and gain full control over the system with administrator privileges.
Patch will be available on February 8.
Vulnerable software versionsCarousel: 7.0.0 - 7.0.4.104
External linkshttp://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU17396
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-18929
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker with administrative privileges can gain full access to the system.
The vulnerability exists due to the Unattend.xml file left on the system included the creation of a local admin account (along with the password). A remote attacker can use an Unattend.xml file to control various settings on the new system when Windows systems are imaged.
Patch will be available on February 8.
Vulnerable software versionsCarousel: 7.0.0 - 7.0.4.104
External linkshttp://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
