CVE-2019-3935

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.tenable.com/security/research/tra-2019-20	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2019-20	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*

cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*

cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/research/tra-2019-20 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2019-20 - Exploit, Third Party Advisory

Information

Published : 2019-04-30 21:29

Updated : 2024-11-21 04:42

NVD link : CVE-2019-3935

Mitre link : CVE-2019-3935

CVE.ORG link : CVE-2019-3935

JSON object : View

Products Affected

crestron

am-101
am-100
am-100_firmware
am-101_firmware

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2019-3935", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-04-30T21:29:01.073", "references": [{"url": "https://www.tenable.com/security/research/tra-2019-20", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2019-20", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows."}, {"lang": "es", "value": "Crestron AM-100 con firmware versi\u00f3n 1.6.0.2 y AM-101 con firmware versi\u00f3n 2.7.0.2 permite a cualquier persona actuar como moderador de una presentaci\u00f3n de diapositivas por medio de peticiones HTTP POST creadas para el archivo conference.cgi. Un atacante remoto no identificado puede usar esta vulnerabilidad para iniciar, detener y desconectar presentaciones de diapositivas activas."}], "lastModified": "2024-11-21T04:42:53.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913135BE-8FB4-40BA-85D8-AD0F824493C3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "081E2B1B-027D-4846-8C61-54CE2D668CD0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC584E7-9159-48E8-B499-F5CA68663503"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-3935

9.1^/10

6.4^/10

Attach tags to `CVE-2019-3935`