PT-2019-16782 · Crestron · Crestron Am-100+1
Published
2019-04-30
·
Updated
2022-12-08
·
CVE-2019-3928
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Crestron AM-100 version 1.6.0.2
Crestron AM-101 version 2.7.0.2
Description
The issue allows any user to obtain the presentation passcode via specific OIDs, iso.3.6.1.4.1.3212.100.3.2.7.4. A remote, unauthenticated attacker can exploit this to access a restricted presentation or become the presenter.
Recommendations
For Crestron AM-100 version 1.6.0.2, update the firmware to a version that addresses this issue.
For Crestron AM-101 version 2.7.0.2, update the firmware to a version that addresses this issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crestron Am-100
Crestron Am-101