CVE-2018-10630
published 2018-08-10CVE-2018-10630: For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there…
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
10.91%
95.3th percentile
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crestron | mc3_firmware | < 1.502.0047.001 | 1.502.0047.001 |
| crestron | tsw-x60_firmware | < 2.001.0037.001 | 2.001.0037.001 |
| ics-cert | crestron_tsw-x60_version_prior_to_2.001.0037.001_and_mc3_version_prior_to_1.502 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Crestron TSW-X60 and MC3 devices ship with authentication disabled on the CTP (Crestron Toolbox Protocol) console — detect unauthenticated access to the CTP service as a sign of exploitation or misconfiguration ↗
- →Monitor for unauthenticated remote code execution attempts via the Bash shell service exposed through Crestron Toolbox Protocol (CTP) on TSW-X60 devices (related CVE-2018-11228) ↗
- →Monitor for unauthenticated remote code execution via command injection through Crestron Toolbox Protocol (CTP) on TSW-X60 devices (related CVE-2018-11229) ↗
- →Alert on attempts to calculate or brute-force sudo account passwords on Crestron devices using information accessible to regular user privileges, which may indicate privilege escalation attempts to escape the CTP console sandbox (related CVE-2018-13341) ↗
- ·No known public exploits specifically targeting these vulnerabilities were identified at time of advisory publication ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cwc8-6j25-gg7r: For Crestron TSW-X60 version prior to 2
ghsa_unreviewed·2022-05-13
CVE-2018-10630 [CRITICAL] CWE-287 GHSA-cwc8-6j25-gg7r: For Crestron TSW-X60 version prior to 2
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
CISA ICS
Crestron TSW-X60 and MC3
cisa_ics·2018-08-21·CVSS 9.8
[CRITICAL] Crestron TSW-X60 and MC3
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Crestron TSW-X60 and MC3
Last RevisedAugust 21, 2018
Alert CodeICSA-18-221-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Crestron
- Equipment: TSW-X60 and MC3
- Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution with escalated system privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following products and versions are affected:
- TSW-X60,
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-08-10
Published