CVE-2019-3928
moderate-risk
Published 2019-04-30
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter.
Do I need to act?
-
0.71% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (2)
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-20
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-20
30
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
2/34 · Minimal
Exposure
7/34 · Low