CVE-2018-13341 : Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.

Published 2018-08-10 19:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-13341

Crestron » Tsw-x60 Firmware
Versions before (<) 2.001.0037.001
cpe:2.3:o:crestron:tsw-x60_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Crestron » Tsw-1060-b-s » Version: N/A
When used together with: Crestron » Tsw-1060-nc-b-s » Version: N/A
When used together with: Crestron » Tsw-1060-nc-w-s » Version: N/A
When used together with: Crestron » Tsw-1060-w-s » Version: N/A
When used together with: Crestron » Tsw-560-b-s » Version: N/A
When used together with: Crestron » Tsw-560-nc-b-s » Version: N/A
When used together with: Crestron » Tsw-560-nc-w-s » Version: N/A
When used together with: Crestron » Tsw-560-w-s » Version: N/A
When used together with: Crestron » Tsw-760-b-s » Version: N/A
When used together with: Crestron » Tsw-760-nc-b-s » Version: N/A
When used together with: Crestron » Tsw-760-nc-w-s » Version: N/A
When used together with: Crestron » Tsw-760-w-s » Version: N/A
Crestron » Mc3 Firmware
Versions before (<) 1.502.0047.00
cpe:2.3:o:crestron:mc3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Crestron » MC3 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-13341

EPSS FAQ

2.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-13341

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-13341

https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Crestron TSW-X60 and MC3 | CISA
Mitigation;Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.securityfocus.com/bid/105051

Crestron TSW-X60 and MC3 Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-13341

Products affected by CVE-2018-13341

Exploit prediction scoring system (EPSS) score for CVE-2018-13341

CVSS scores for CVE-2018-13341

References for CVE-2018-13341