CVE-2018-13341

HIGH

Crestron TSW-X60 <2.001.0037.001 & MC3 <1.502.0047.00 - Privilege Escalation

Title source: llm

Description

In Crestron TSW-X60 (all versions prior to 2.001.0037.001) and MC3 (all versions prior to 1.502.0047.00), the passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges.

Exploits (2)

nomisec WORKING POC 25 stars
by axcheron · poc
https://github.com/axcheron/crestron_getsudopwd
nomisec WORKING POC
by RajChowdhury240 · poc
https://github.com/RajChowdhury240/CVE-2018-13341

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105051
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Scores

CVSS v3 8.8
EPSS 0.0306
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
crestron/mc3_firmware < 1.502.0047.00
crestron/tsw-x60_firmware < 2.001.0037.001
Published Aug 10, 2018
Tracked Since Feb 18, 2026