CVE-2018-5553 - OpenCVE

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Crestron	Dge-100 Firmware Ts-1542-c Dm-dge-200-c Firmware Ts-1542-c Firmware Dge-100 Dm-dge-200-c

Configuration 1 [-]

AND

cpe:2.3:o:crestron:dge-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dge-100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:crestron:dm-dge-200-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dm-dge-200-c:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:crestron:ts-1542-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:ts-1542-c:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/	Third Party Advisory
https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2018-06-12T00:00:00

Updated: 2018-07-10T15:57:01

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5553

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-10T16:29:00.970

Modified: 2019-10-09T23:41:28.953

Link: CVE-2018-5553

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "DGE-100", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TS-1542-C", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "DM-DGE-200-C", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "datePublic": "2018-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-10T15:57:01", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}], "solutions": [{"lang": "en", "value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages."}], "source": {"advisory": "R7-2018-15", "discovery": "EXTERNAL"}, "title": "Crestron DGE-100 Console Command Injection (FIXED)", "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2018-06-12T10:00:00.000Z", "ID": "CVE-2018-5553", "STATE": "PUBLIC", "TITLE": "Crestron DGE-100 Console Command Injection (FIXED)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DGE-100", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}, {"product_name": "TS-1542-C", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}, {"product_name": "DM-DGE-200-C", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}]}, "vendor_name": "Crestron"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}]}, "exploit": [], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"}]}]}, "references": {"reference_data": [{"name": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553", "refsource": "CONFIRM", "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}, {"name": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/", "refsource": "MISC", "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}]}, "solution": [{"lang": "en", "value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages."}], "source": {"advisory": "R7-2018-15", "defect": [], "discovery": "EXTERNAL"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2018-5553", "datePublished": "2018-06-12T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-07-10T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dge-100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F48676D-D566-45C5-965B-B20ED8F2817F", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dge-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5D6A6E8-4FF6-467F-8F59-5512DD5B0A2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dm-dge-200-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D0D4D4C-9AE5-4500-8531-691E766A3175", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dm-dge-200-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0D4FFAC-0D1F-4D58-986B-3F402EE643AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:ts-1542-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D4AA22E-4175-4B81-BC75-B88868785FD5", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:ts-1542-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B59A47EB-692A-47A0-B1CE-6967A18B7A37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}, {"lang": "es", "value": "El servicio Crestron Console en los dispositivos DGE-100, DM-DGE-200-C y TS-1542-C con la configuraci\u00f3n por defecto y ejecutando versiones del firmware 1.3384.00049.001 y anteriores es vulnerable a una inyecci\u00f3n de comandos que puede emplearse para obtener acceso a nivel root."}], "id": "CVE-2018-5553", "lastModified": "2019-10-09T23:41:28.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2018-07-10T16:29:00.970", "references": [{"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}, {"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@rapid7.com", "type": "Secondary"}]}