ID CVE-2018-13341
Summary In Crestron TSW-X60 (all versions prior to 2.001.0037.001) and MC3 (all versions prior to 1.502.0047.00), the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.
References
Vulnerable Configurations
  • cpe:2.3:o:crestron:tsw-x60_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-1060-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-1060-nc-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-1060-nc-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-1060-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-560-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-560-nc-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-560-nc-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-560-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-760-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-760-nc-b-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-760-nc-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:tsw-760-w-s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:crestron:mc3_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:mc3:-:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 105051
misc https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
Last major update 03-10-2019 - 00:03
Published 10-08-2018 - 19:29
Last modified 03-10-2019 - 00:03