CVE-2019-3934 - OpenCVE

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Crestron	Am-101 Firmware Am-101 Am-100 Am-100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*

cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*

cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.tenable.com/security/research/tra-2019-20	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2019-04-30T20:34:03

Updated: 2019-04-30T20:34:03

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3934

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-30T21:29:01.010

Modified: 2020-10-16T16:03:11.067

Link: CVE-2019-3934

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Crestron AirMedia", "vendor": "Crestron", "versions": [{"status": "affected", "version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"}]}], "descriptions": [{"lang": "en", "value": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-30T20:34:03", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-20"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3934", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Crestron AirMedia", "version": {"version_data": [{"version_value": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"}]}}]}, "vendor_name": "Crestron"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2019-20", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-20"}]}}}}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3934", "datePublished": "2019-04-30T20:34:03", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-04-30T20:34:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "913135BE-8FB4-40BA-85D8-AD0F824493C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "081E2B1B-027D-4846-8C61-54CE2D668CD0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AC584E7-9159-48E8-B499-F5CA68663503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code."}, {"lang": "es", "value": "Crestron AM-100 con firmware versi\u00f3n 1.6.0.2 y AM-101 con firmware versi\u00f3n 2.7.0.2 permite que cualquiera pueda omitir el c\u00f3digo de presentaci\u00f3n enviando una petici\u00f3n HTTP POST creada para el archivo login.cgi. Un atacante remoto no identificado puede usar esta vulnerabilidad para descargar la imagen de diapositiva actual sin conocer el c\u00f3digo de acceso."}], "id": "CVE-2019-3934", "lastModified": "2020-10-16T16:03:11.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-30T21:29:01.010", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-20"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-425"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}