Vulnerabilities > CVE-2018-13341 - Unspecified vulnerability in Crestron MC3 Firmware and Tsw-X60 Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

crestron

NVD

Published: 2018-08-10

Updated: 2019-10-03

Summary

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.

Vulnerable Configurations

Part	Description	Count
OS	Crestron Crestron TSW X60 Firmware * Crestron MC3 Firmware *	2
Hardware	Crestron Crestron TSW 1060 B S - Crestron TSW 1060 NC B S - Crestron TSW 1060 NC W S - Crestron TSW 1060 W S - Crestron TSW 560 B S - Crestron TSW 560 NC B S - Crestron TSW 560 NC W S - Crestron TSW 560 W S - Crestron TSW 760 B S - Crestron TSW 760 NC B S - Crestron TSW 760 NC W S - Crestron TSW 760 W S - Crestron MC3 -	13

Summary

Vulnerable Configurations

References