Vulnerability Description
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crestron | Cp3N 6505417 Firmware | < 1.8001.0187 |
| Crestron | Cp3N 6505417 | - |
| Crestron | Cp3 6504877 Firmware | < 1.8001.0187 |
| Crestron | Cp3 6504877 | - |
| Crestron | Cp3-Gv 6506034 Firmware | < 1.8001.0187 |
| Crestron | Cp3-Gv 6506034 | - |
Related Weaknesses (CWE)
References
- https://www.crestron.com/release_notes/cp3n_1.8001.0187_release_notes.pdfRelease Notes
- https://www.crestron.com/release_notes/cp3n_1.8001.0187_release_notes.pdfRelease Notes
FAQ
What is CVE-2023-38405?
CVE-2023-38405 is a vulnerability with a CVSS score of 7.5 (HIGH). On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
How severe is CVE-2023-38405?
CVE-2023-38405 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38405?
Check the references section above for vendor advisories and patch information. Affected products include: Crestron Cp3N 6505417 Firmware, Crestron Cp3N 6505417, Crestron Cp3 6504877 Firmware, Crestron Cp3 6504877, Crestron Cp3-Gv 6506034 Firmware.