Vulnerability Description
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crestron | Crestron Toolbox Protocol Firmware | < 2.001.0037.001 |
| Crestron | Dmc-Str | - |
| Crestron | Tsw-1060 | - |
| Crestron | Tsw-1060-Nc | - |
| Crestron | Tsw-560 | - |
| Crestron | Tsw-560-Nc | - |
| Crestron | Tsw-760 | - |
| Crestron | Tsw-760-Nc | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105051Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01Third Party AdvisoryUS Government Resource
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-detaVendor Advisory
- http://www.securityfocus.com/bid/105051Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01Third Party AdvisoryUS Government Resource
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-detaVendor Advisory
FAQ
What is CVE-2018-11228?
CVE-2018-11228 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Prot...
How severe is CVE-2018-11228?
CVE-2018-11228 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11228?
Check the references section above for vendor advisories and patch information. Affected products include: Crestron Crestron Toolbox Protocol Firmware, Crestron Dmc-Str, Crestron Tsw-1060, Crestron Tsw-1060-Nc, Crestron Tsw-560.