|CVSS SCORE||8.5, (AV:N/AC:M/Au:S/C:C/I:C/A:C)|
The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNCH' command. An attacker can leverage this vulnerability to escape the CTP console's sandbox environment to execute commands with elevated privileges.
Crestron has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Ricky "HeadlessZeke" Lawshae