CVE-2023-6926 - OpenCVE

There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Crestron	Am-300 Firmware Am-300

Configuration 1 [-]

AND

cpe:2.3:o:crestron:am-300_firmware:1.4499.00018:*:*:*:*:*:*:*

cpe:2.3:h:crestron:am-300:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2024-01-23T19:23:08.788Z

Updated: 2024-01-23T19:23:08.788Z

Reserved: 2023-12-18T15:44:37.002Z

Link: CVE-2023-6926

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-23T20:15:45.233

Modified: 2024-01-29T20:56:34.097

Link: CVE-2023-6926

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6926", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-12-18T15:44:37.002Z", "datePublished": "2024-01-23T19:23:08.788Z", "dateUpdated": "2024-01-23T19:23:08.788Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AM-300", "vendor": "Crestron", "versions": [{"status": "affected", "version": " 1.4499.00018"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Uri Katz of Claroty Research Team82"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.</span>\n\n"}], "value": "\nThere is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-01-23T19:23:08.788Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Crestron has resolved this vulnerability in firmware version 1.4499.00023.001 or higher. Please see </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://security.crestron.com/\">https://security.crestron.com</a><span style=\"background-color: rgb(255, 255, 255);\"> or contact True Blue Support for additional information.</span>\n\n<br>"}], "value": "\nCrestron has resolved this vulnerability in firmware version 1.4499.00023.001 or higher. Please see https://security.crestron.com https://security.crestron.com/ \u00a0or contact True Blue Support for additional information.\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Crestron AM-300", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:am-300_firmware:1.4499.00018:*:*:*:*:*:*:*", "matchCriteriaId": "3E71A698-2505-4C86-A2B0-161C051AC573", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:am-300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2A0894F-6D87-40C4-B386-99A31034ADDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nThere is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la versi\u00f3n 1.4499.00018 del firmware Crestron AM-300 que puede permitir a un usuario de una sesi\u00f3n SSH de acceso limitado escalar sus privilegios al acceso de nivel root."}], "id": "CVE-2023-6926", "lastModified": "2024-01-29T20:56:34.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-01-23T20:15:45.233", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}