2019-06-04 18:36:00

Closed

Crestron AirMedia devices (AM-100 and AM-101 only) are susceptible to remote command vulnerabilities. Several other presentation platform systems may also be affected by similar vulnerabilities.

N/A

Crestron AirMedia devices (AM-100 and AM-101 only) are susceptible to remote command vulnerabilities. Several other presentation platform systems may also be affected by similar vulnerabilities.

Other vendors affected include, but may not be limited to: Barco wePresent, Extron ShareLink, InFocus LiteShow, TEQ AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS.

The Cornell IT Security Office recommends working with vendors to ensure firmware is updated to protect against these vulnerabilities.

Crestron has already released firmware updates to protect against some of these vulnerabilities and have posted mitigates for others. Additional information on the specific vulnerabilities and the response from individual vendors can be found in the links below.

Departments interested having their AV devices managed by CIT's Managed AV service can submit a request here:
https://it.cornell.edu/managed-av

External Links:
https://www.crestron.com/en-US/Security/Security_Advisories
https://www.tenable.com/security/research/tra-2019-20