CVE-2018-5553 - OpenCVE

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Crestron	Dge-100 Dge-100 Firmware Dm-dge-200-c Dm-dge-200-c Firmware Ts-1542-c Ts-1542-c Firmware

Configuration 1 [-]

AND

cpe:2.3:o:crestron:dge-100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dge-100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:crestron:dm-dge-200-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dm-dge-200-c:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:crestron:ts-1542-c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:crestron:ts-1542-c:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/
https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2018-07-10T16:00:00Z

Updated: 2024-09-16T22:20:46.752Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5553

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-10T16:29:00.970

Modified: 2019-10-09T23:41:28.953

Link: CVE-2018-5553

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DGE-100", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TS-1542-C", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "DM-DGE-200-C", "vendor": "Crestron", "versions": [{"lessThanOrEqual": "1.3384.00049.001", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "datePublic": "2018-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 (Improper Neutralization of Special Elements used in an OS Command)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-10T15:57:01", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}], "solutions": [{"lang": "en", "value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages."}], "source": {"advisory": "R7-2018-15", "discovery": "EXTERNAL"}, "title": "Crestron DGE-100 Console Command Injection (FIXED)", "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2018-06-12T10:00:00.000Z", "ID": "CVE-2018-5553", "STATE": "PUBLIC", "TITLE": "Crestron DGE-100 Console Command Injection (FIXED)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DGE-100", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}, {"product_name": "TS-1542-C", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}, {"product_name": "DM-DGE-200-C", "version": {"version_data": [{"affected": "<=", "platform": "", "version_affected": "<=", "version_name": "", "version_value": "1.3384.00049.001"}]}}]}, "vendor_name": "Crestron"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}]}, "exploit": [], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"}]}]}, "references": {"reference_data": [{"name": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553", "refsource": "CONFIRM", "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}, {"name": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/", "refsource": "MISC", "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}]}, "solution": [{"lang": "en", "value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages."}], "source": {"advisory": "R7-2018-15", "defect": [], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:40:50.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2018-5553", "datePublished": "2018-07-10T16:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T22:20:46.752Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dge-100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F48676D-D566-45C5-965B-B20ED8F2817F", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dge-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5D6A6E8-4FF6-467F-8F59-5512DD5B0A2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dm-dge-200-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D0D4D4C-9AE5-4500-8531-691E766A3175", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dm-dge-200-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0D4FFAC-0D1F-4D58-986B-3F402EE643AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:ts-1542-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D4AA22E-4175-4B81-BC75-B88868785FD5", "versionEndIncluding": "1.3384.00049.001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:ts-1542-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B59A47EB-692A-47A0-B1CE-6967A18B7A37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."}, {"lang": "es", "value": "El servicio Crestron Console en los dispositivos DGE-100, DM-DGE-200-C y TS-1542-C con la configuraci\u00f3n por defecto y ejecutando versiones del firmware 1.3384.00049.001 y anteriores es vulnerable a una inyecci\u00f3n de comandos que puede emplearse para obtener acceso a nivel root."}], "id": "CVE-2018-5553", "lastModified": "2019-10-09T23:41:28.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2018-07-10T16:29:00.970", "references": [{"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"}, {"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@rapid7.com", "type": "Secondary"}]}