
CVE-2022-40298
https://notcve.org/view.php?id=CVE-2022-40298
22 Sep 2022 — Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. • https://www.crestron.com/Security/Security_Advisories • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2022-34101
https://notcve.org/view.php?id=CVE-2022-34101
13 Sep 2022 — A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. • https://www.crestron.com/Security/Security_Advisories • CWE-427: Uncontrolled Search Path Element

CVE-2022-34102
https://notcve.org/view.php?id=CVE-2022-34102
13 Sep 2022 — An insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. • https://www.crestron.com/Security/Security_Advisories

CVE-2022-34100
https://notcve.org/view.php?id=CVE-2022-34100
13 Sep 2022 — A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. • https://www.crestron.com/Security/Security_Advisories