Products

    Pages

        Security Advisories

        Filter by Tags

        Vulnerability
        Updated Date
        Threat
        Identifier
        How is Crestron Affected
        Resources
        Super Micro BMC Vulnerabilities Discovered
        09/18/19
        More information
        Threat:
        A vulnerability was disclosed affecting Super Micro’s BMC. Researchers have identified vulnerabilities in the Virtual Media function of Supermicro BMCs. BMC/IPMI Virtual Media is a feature of the Virtual Console that enables users to attach a CD/DVD image to the server as a virtual CD/DVD drive. These vulnerabilities include plaintext authentication, weak encryption, and authentication bypass within the Virtual Media capabilities. Identified by researchers in the lab, the vulnerabilities have not been reported in a customer environment.
         
        Identifier:
        N/A
        How is Crestron Affected:
        This BMC is used in the DM-NVX Director products - DM-XIO-DIR-80, DM-XIO-DIR-160 and DM-XIO-DIR-ENT. By default, the BMC is only available from the management port. 

        Best practices are that the management port is only used for local connection and not connected to a wider LAN. In this configuration, there is little to no risk with regards to the report vulnerabilities.

        Customers can update as per the below procedure to further eliminate the concerns.
         
        DM NVX 2.0 and Earlier Supports SNMP v1/2
        08/14/19
        More information
        Threat:
        Unauthorized users can read all SNMP information because the access password is not secure in SNMPv1 or SNMPv2.
        SNMPv1 and SNMPv2 have been designated as obsolete.

        Versions of DM NVX prior to the released 2.1 supported these earlier versions.

         
        Identifier:
        N/A
        How is Crestron Affected:
        Versions of DM NVX 2.0 and earlier supported these now obsolete versions of SNMP. While used in the industry for years, a number of security vendors now flag it with increasing severity. As a result, it has been removed from the 2.1 feature set. SNMP v3 will be a part of the DM NVX 2.2 release.

        There is no reliable method to disable SNMP on the DM NVX device itself.

        The easiest method to eliminate the potential risk is to update to DM NVX 2.1 or higher. 

        If you decide not to update: 
        • All exposed parameters on the DM NVX are Read Only, so an attacker is limited
        • The risk can be eliminated by blocking UDP traffic on ports 161 and 162
        Resources:
        AM-100 and AM-100 Vulnerabilities
        07/31/19
        More information
        Threat:
        AIRMEDIA AM-100 and AM-101 Vulnerabilities

        We are making the AM-100/101 firmware available today publicly. Anyone requiring assistance should reach out to True Blue Support.

        The latest AM-100/101 firmware release includes CVE-2019-3929 and CVE-2019-3930 fixes. See link below under Resources.

        Please note the following vulnerabilities only affect the Airmedia AM-100 and AM-101 devices. All other second generation AirMedia devices are not affected.
        Identifier:
        There are multiple CVEs associated with this report
        How is Crestron Affected:
           
        CVE-2019-3925: Unauthenticated Remote OS Command Injection via SNMP #1
        Crestron is aware of a vulnerability with the AM-100 and AM-101 devices which allows for OS command injection via SNMP. This vulnerability will be resolved in upcoming firmware release scheduled for September 2019. SNMP can be disabled from the device menu.

        CVE-2019-3926: Unauthenticated Remote Command Injection via SNMP #2
        Crestron is aware of a vulnerability with the AM-100 and AM-101 devices which allows for console command injection via SNMP.  This vulnerability will be resolved in upcoming firmware release scheduled for September 2019. SNMP can be disabled from the device menu.

        CVE-2019-3927: Unauthenticated Remote Admin Password Change via SNMP
        Crestron is aware of a vulnerability with the AM-100/AM-101 devices which allows the remote administrator password to be changed via SNMPv1 and SNMPv2. Crestron advises to use SNMPv3 with adequate username and password to avoid this possibility. The SNMP version can be set in the web user interface of the device. SNMP can also be disabled from device services Menu. This disables SNMP service completely. On a Factory restore now the SNMP protocol defaults to SNMPv3. Users are advised to use SNMPv3 with strong authentication and privileged password.

        CVE-2019-3928: Unauthenticated Remote Information Leak via SNMP
        Crestron advises to use SNMPv3 with adequate username and password to avoid this possibility. The SNMP version can be set in the web user interface of the device. SNMP can also be disabled from device services Menu. This disables SNMP service completely. On a Factory restore now the SNMP protocol defaults to SNMPv3. Users are advised to use SNMPv3 with strong authentication and privileged password.

        CVE-2019-3929: Unauthenticated Remote OS Command Injection via file_transfer.cgi
        This vulnerability will be resolved in upcoming firmware release scheduled for September 2019. Crestron recommends limiting physical and network access to device.

        CVE-2019-3930: Unauthenticated Remote Stack Buffer Overflow via file_transfer.cgi
        This vulnerability which has a fix for the unauthenticated file_transfer.cgi will be resolved in upcoming firmware release scheduled for September 2019.

        CVE-2019-3931: Remote View Pass Code Bypass and Information Leak
        This will be fixed in version slated to release in September 2019. The risk or impact is that the latest slide or snapshot of the presentation will be available to an unauthenticated user. Once the presentation stops it will return a 404 error, so the risk exists only during active presentation. Crestron recommends that AirMedia AM-100/101s are not available on a public network, and only internal to the company.

        CVE-2019-3932: Authentication Bypass in return.tgi
        This will be fixed in version slated to release in September 2019. This vulnerability requires physical access to the hardware. Crestron recommends securing access to the device.

        CVE-2019-3933: Authentication bypass to view "remote view" via HTTP browserslide.jpg
        Crestron advises to use latest release version. As well as to protect return.cgi Crestron recommends that users define a strong administrator password for AirMedia AM-100s and AM-101s. 

        To disable to the Remote View feature completely, Crestron recommends following the configuration setup below. 

        Remote-View-Disable-Feature.png


        CVE-2019-3934: Remove View Pass Code Bypass #2
        This will be fixed in version slated to release in July 2019. The risk or impact here is that the latest slide/snapshot of the presentation will be available to an unauthenticated user. Once the presentation stops it will return a 404 error, so the risk exists only during active presentation.
        Crestron recommends that AirMedia AM-100/101s are not available on a public network, and only internal to the company.

        CVE-2019-3935: Unauthenticated Remote Moderator Controls via HTTP
        This will be fixed in version slated to release in September 2019. Meanwhile, Crestron recommends that AirMedia AM-100s and AM-101s are not available on a public network, and only made available internal to the company.

        CVE-2019-3936: Unauthenticated Remote View Control via port 389
        This will be fixed in version slated to release in September 2019. Meanwhile, Crestron recommends that AirMedia AM-100/101s are not available on a public network, and only made available internally to the company.

        CVE-2019-3937: Credentials Stored in Plaintext
        This will be fixed in version slated to release in September 2019. Meanwhile, if configuration files are used and saved by administrators for configuring and restoring AirMedia devices to a previously known state of configuration, then such configuration files should be stored in a safe location where only System Administrators have access to such files. Delete configuration files from local download folders and temp folders.

        CVE-2019-3938: Exported Configuration Files Contain Credentials
        This will be fixed in version slated to release in September 2019. Meanwhile, if configuration files are used and saved by administrators for configuring and restoring AirMedia devices to a previously known state of configuration, then such configuration files should be stored in a safe location where only System Administrators have access to such files. Delete configuration files from local download folders and temp folders.
        CVE-2019-13450: ZOOM CLIENT
        07/16/19
        More information
        Threat:
        Crestron is aware of a vulnerability within the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on MacOS. Remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424.

        NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2019-13450
        How is Crestron Affected:
        Crestron and Zoom have reviewed the vulnerability report and has confirmed that it does not affect any Crestron products.
        CVE-2019-9006: CP3N/PRO3/AV3
        06/07/19
        More information
        Threat:
        Crestron is aware of a vulnerability with the CP3N, Pro3, and AV3 devices which allows attackers to change firewalls rules, scan the internal network, download and run scripts through the remote root shell on the router via telnet access.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2019-9006
        How is Crestron Affected:
        This vulnerability has been resolved in the current firmware upgrade. Crestron recommends upgrading devices with current firmware available on the product page.

        Minimum firmware versions to address this vulnerability: v.1.600.0092
        Authentication Bypass in AM-100/AM-101
        05/10/19
        More information
        Threat:
        Crestron is aware of a vulnerability in the AM-100 and AM-101 units that can allow a user to bypass authentication. All users are urged to update firmware to the versions noted.

        The latest AM-100/101 firmware release includes CVE-2019-3910 fix. See link below under Resources.

        Please note the following vulnerabilities only affect the Airmedia AM-100 and AM-101 devices. All other second generation AirMedia devices are not affected.
        Identifier:
        N/A
        How is Crestron Affected:

        CVE-2019-3910: Authentication Bypass - This vulnerability has been resolved in the current firmware and can be downloaded on the product page. Minimum firmware version to address this vulnerability: 2.7.0 (AM-101) and 1.6.0 (AM-100). Affected Devices:

        • AM-101
        • AM-100
        CVE-2018-10933: libssh Server Allows Unauthorized Access
        10/24/18
        More information
        Threat:
        Crestron is aware of a vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-10933.
        How is Crestron Affected:
        While Crestron does use libssh in some products, it is not used for authentication in any circumstance. Therefore, no Crestron products are affected by this vulnerability.
        Resources:
        Nessus detects multiple vulnerabilities on port 7000
        09/24/18
        More information
        Threat:
        Nessus scanner detects AirMedia as an AppleTV and reports subsequent vulnerabilities.
        Identifier:
        There are multiple CVEs associated with this. Please see the related document.
        How is Crestron Affected:
        This is a false positive triggered by AirPlay compatibility. Refer to Airmedia - Nessus Vulnerability Scanner False Positive Mitigation Guideline - Airplay for details.
        CVE-2018-10630: IMPROPER ACCESS CONTROL
        08/09/18
        More information
        Threat:
        Authentication is not enabled by default on affected devices. With the minimum firmare version listed below, Crestron’s CTP Console and Telnet access are now disabled by default. Only SSH is available for configuration. If the device does not have authentication enabled, an SSH Banner will display a warning which recommends securing the device.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-10630 .
        How is Crestron Affected:
        Minimum firmware version to address this vulnerability: v1.502.0047.001. Affected Device: MC3.
        CVE-2018-11228: UNAUTHENTICATED REMOTE CODE EXECUTION VIA BASH SHELL SERVICE IN CTP
        08/09/18
        More information
        Threat:
        Crestron is aware of a vulnerability with specific touch panels which allows for unauthenticated remote code execution via bash. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11228.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware versions to address this vulnerability:

        • TSW-X60 Series use FW 2.0001.0037.001 or late
        • TSW-X52 Series use FW 1.004.0007 or later

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        • TSW-552
        • TSW-752
        • TSW-1052
        • TSR-302
        • TST-602
        • TST-902
        • TSW-732
        • TSS-752
        • DMC-STR

        Additional products are being tested.

        Resources:
        |<  <   1 2 3    >  >| Pages: 1 of 3