CVE-2018-11229

Опубликовано: 08 июн. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).

Ссылки

http://www.securityfocus.com/bid/105051
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
Third Party Advisory
US Government Resource
https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet
Vendor Advisory
http://www.securityfocus.com/bid/105051
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
Third Party Advisory
US Government Resource
https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:crestron:crestron_toolbox_protocol_firmware:*:*:*:*:*:*:*:*

Версия до 2.001.0037.001 (исключая)

Одно из

cpe:2.3:h:crestron:dmc-str:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-1060:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-1060-nc:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-560:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-560-nc:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-760:-:*:*:*:*:*:*:*

cpe:2.3:h:crestron:tsw-760-nc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.0366

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-j4hf-37q6-2qwf