PT-2018-10412 · Crestron · Tsw-760+5

Publicado

2018-06-08

·

Atualizado

2019-05-13

·

CVE-2018-11229

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Crestron TSW-1060 versions prior to 2.001.0037.001 Crestron TSW-760 versions prior to 2.001.0037.001 Crestron TSW-560 versions prior to 2.001.0037.001 Crestron TSW-1060-NC versions prior to 2.001.0037.001 Crestron TSW-760-NC versions prior to 2.001.0037.001 Crestron TSW-560-NC versions prior to 2.001.0037.001
Description The issue allows unauthenticated remote code execution via command injection in the Crestron Toolbox Protocol (CTP). This is specifically related to the LAUNCH command.
Recommendations For Crestron TSW-1060 versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later. For Crestron TSW-760 versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later. For Crestron TSW-560 versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later. For Crestron TSW-1060-NC versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later. For Crestron TSW-760-NC versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later. For Crestron TSW-560-NC versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2018-11229
ZDI-18-930

Produtos afetados

Tsw-1060
Tsw-1060-Nc
Tsw-560
Tsw-560-Nc
Tsw-760
Tsw-760-Nc