CVE-2018-13341
Crestron Multiple Products CTP Console Privilege Escalation Vulnerability
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.
Para las versiones anteriores a la 2.001.0037.001 de Crestron TSW-X60 y las versiones anteriores a la 1.502.0047.001 de MC3, las contraseñas para las cuentas sudo especiales podrían calcularse mediante información accesible a aquellos que tengan privilegios de usuario regular. Los atacantes podrían descifrar estas contraseñas, lo que les permitiría ejecutar llamadas ocultas a la API y escapar del entorno de la consola CTP con privilegios elevados.
This vulnerability allows remote attackers to escalate privileges on affected installations of all Crestron products. Authentication is required to exploit this vulnerability.
The specific flaw exists within the two built-in accounts on all Crestron devices. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator.
*Credits:
Ricky "HeadlessZeke" Lawshae
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-07-05 CVE Reserved
- 2018-08-10 CVE Published
- 2021-08-20 First Exploit
- 2024-01-01 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105051 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 | Mitigation |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Rajchowdhury420/CVE-2018-13341 | 2021-08-20 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-1060-b-s Search vendor "Crestron" for product "Tsw-1060-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-1060-nc-b-s Search vendor "Crestron" for product "Tsw-1060-nc-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-1060-nc-w-s Search vendor "Crestron" for product "Tsw-1060-nc-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-1060-w-s Search vendor "Crestron" for product "Tsw-1060-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-560-b-s Search vendor "Crestron" for product "Tsw-560-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-560-nc-b-s Search vendor "Crestron" for product "Tsw-560-nc-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-560-nc-w-s Search vendor "Crestron" for product "Tsw-560-nc-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-560-w-s Search vendor "Crestron" for product "Tsw-560-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-760-b-s Search vendor "Crestron" for product "Tsw-760-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-760-nc-b-s Search vendor "Crestron" for product "Tsw-760-nc-b-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-760-nc-w-s Search vendor "Crestron" for product "Tsw-760-nc-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Tsw-x60 Firmware Search vendor "Crestron" for product "Tsw-x60 Firmware" | < 2.001.0037.001 Search vendor "Crestron" for product "Tsw-x60 Firmware" and version " < 2.001.0037.001" | - |
Affected
| in | Crestron Search vendor "Crestron" | Tsw-760-w-s Search vendor "Crestron" for product "Tsw-760-w-s" | - | - |
Safe
|
| Crestron Search vendor "Crestron" | Mc3 Firmware Search vendor "Crestron" for product "Mc3 Firmware" | < 1.502.0047.00 Search vendor "Crestron" for product "Mc3 Firmware" and version " < 1.502.0047.00" | - |
Affected
| in | Crestron Search vendor "Crestron" | Mc3 Search vendor "Crestron" for product "Mc3" | - | - |
Safe
|