CVE-2018-13341
published 2018-08-10

CVE-2018-13341: Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated…

Priority: P353 high, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.63% (88.1th percentile)
In Crestron TSW-X60 (all versions prior to 2.001.0037.001) and MC3 (all versions prior to 1.502.0047.00), the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crestron | mc3_firmware | < 1.502.0047.00 | 1.502.0047.00 |
| crestron | tsw-x60_firmware | < 2.001.0037.001 | 2.001.0037.001 |

CVSS provenance

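| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |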