CVE-2018-13341

Published: 10/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In Crestron TSW-X60 (all versions before 2.001.0037.001) and MC3 (all versions before 1.502.0047.00), the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.

Vulnerable Product

crestron tsw-x60_firmware

crestron mc3_firmware

Github Repositories

This Tool Aims to Exploit the CVE-2018-13341

CVE-2018-13341: This tool aims to exploit CVE-2018-13341. Using the MAC address of the targeted device, you can recover the password of the "crengsuperuser" hidden account, which has elevated privileges and allows you to run SUDO commands. The Crestron Toolbox Protocol (CTP) can be connected to by accessing port 41795 on the TSW-XX60 device:

# nc -C wxyz 41795

Tool to exploit CVE-2018-13341 and recover hidden account password on Crestron devices

crestron_getsudopwd: Based on Ricky Lawshae's discovery on Crestron TSW-X60 and MC3 devices, this tool aims to exploit CVE-2018-13341. Using the MAC address of the targeted device, you can recover the password of the "crengsuperuser" hidden account, which has elevated privileges and allows you to run SUDO commands.

Description: On Crestron TSW-X60 < 2001003700