Lucene search

[email protected]CVE-2019-3926

HistoryApr 30, 2019 - 9:29 p.m.

CVE-2019-3926

2019-04-3021:29:00

CWE-78

[email protected]

web.nvd.nist.gov

crestron

am-100

am-101

firmware

command injection

snmp

oid

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.1%

JSON

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CPENameOperatorVersion
crestron:am-100_firmwarecrestron am-100 firmwareeq1.6.0.2
crestron:am-101_firmwarecrestron am-101 firmwareeq2.7.0.2

CPE	Name	Operator	Version
crestron:am-100_firmware	crestron am-100 firmware	eq	1.6.0.2
crestron:am-101_firmware	crestron am-101 firmware	eq	2.7.0.2

References

www.tenable.com/security/research/tra-2019-20

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2019-3926

prion1 cvelist1 threatpost1