PT-2018-11766 · Crestron · Crestron Tsw-X60 +1

Jackson Thuraisamy +1 · Published 2018-08-10 · Updated 2019-10-03 · CVE-2018-13341

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Crestron TSW-X60 versions prior to 2.001.0037.001
Crestron MC3 versions prior to 1.502.0047.00

Description

The issue allows attackers to calculate passwords for special sudo accounts using information accessible to regular users. This could enable them to execute hidden API calls and escape the sandbox environment with elevated privileges.

Recommendations

For Crestron TSW-X60 versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later.
For Crestron MC3 versions prior to 1.502.0047.00, update to version 1.502.0047.00 or later.

Related Identifiers

CVE-2018-13341
ZDI-18-920

Affected Products

Crestron Mc3
Crestron Tsw-X60