#VU14302 Improper access control in Crestron Electronics products - CVE-2018-10630

Vulnerability identifier: #VU14302

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10630

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TSW-560-NC
Hardware solutions / Firmware
TSW-760-NC
Hardware solutions / Firmware
TSW-1060-NC
Hardware solutions / Firmware
TSW-560
Hardware solutions / Firmware
TSW-760
Hardware solutions / Firmware
TSW-1060
Hardware solutions / Firmware
MC3
Hardware solutions / Firmware

Vendor: Crestron Electronics

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. A remote unauthenticated attacker can bypass security restrictions and gain access to the CTP console.

Mitigation
Update TSW-X60 to version 2.001.0037.001.
Update MC3 to version 1.502.0047.001.

Vulnerable software versions

TSW-560-NC: before 2.001.0037.001

TSW-760-NC: before 2.001.0037.001

TSW-1060-NC: before 2.001.0037.001

TSW-560: before 2.001.0037.001

TSW-760: before 2.001.0037.001

TSW-1060: before 2.001.0037.001

MC3: before 1.502.0047.001

---

External links
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.