Search criteria
12 vulnerabilities found for airmedia by crestron
FKIE_CVE-2022-40298
Vulnerability from fkie_nvd - Published: 2022-09-23 00:15 - Updated: 2025-05-27 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| cve@mitre.org | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*",
"matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
},
{
"lang": "es",
"value": "Crestron AirMedia para Windows versiones anteriores a 5.5.1.84, presenta permisos heredados no seguros, lo que conlleva a una vulnerabilidad de escalada de privilegios encontrada en la aplicaci\u00f3n AirMedia Windows, versi\u00f3n 4.3.1.39. Un usuario poco privilegiado puede iniciar una reparaci\u00f3n del sistema y conseguir un shell de nivel SYSTEM."
}
],
"id": "CVE-2022-40298",
"lastModified": "2025-05-27T16:15:27.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-23T00:15:10.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-34102
Vulnerability from fkie_nvd - Published: 2022-09-13 22:15 - Updated: 2024-11-21 07:08
Severity ?
Summary
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| cve@mitre.org | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*",
"matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de control de acceso insuficiente en Crestron AirMedia Windows Application, versi\u00f3n 4.3.1.39, en la que un usuario puede pausar la desinstalaci\u00f3n de un ejecutable para conseguir una solicitud de comando de nivel SYSTEM"
}
],
"id": "CVE-2022-34102",
"lastModified": "2024-11-21T07:08:53.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T22:15:09.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34101
Vulnerability from fkie_nvd - Published: 2022-09-13 22:15 - Updated: 2024-11-21 07:08
Severity ?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| cve@mitre.org | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*",
"matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Crestron AirMedia Windows Application, versi\u00f3n 4.3.1.39, en la que un usuario puede colocar una DLL maliciosa en una ruta determinada para ejecutar c\u00f3digo y realizar un ataque de escalada de privilegios"
}
],
"id": "CVE-2022-34101",
"lastModified": "2024-11-21T07:08:52.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T22:15:08.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34100
Vulnerability from fkie_nvd - Published: 2022-09-13 19:15 - Updated: 2024-11-21 07:08
Severity ?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| cve@mitre.org | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/Security/Security_Advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*",
"matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Crestron AirMedia Windows Application, versi\u00f3n 4.3.1.39, en la que un usuario poco privilegiado puede conseguir una solicitud de comando a nivel SYSTEM al preconfigurar una estructura de archivos antes de la instalaci\u00f3n de un ejecutable de servicio confiable y cambiar los permisos en esa estructura de archivos durante una operaci\u00f3n de reparaci\u00f3n"
}
],
"id": "CVE-2022-34100",
"lastModified": "2024-11-21T07:08:52.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T19:15:09.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-40298 (GCVE-0-2022-40298)
Vulnerability from cvelistv5 – Published: 2022-09-22 23:30 – Updated: 2025-05-27 15:23
VLAI?
Summary
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:22:47.788281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:23:18.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-22T23:30:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40298",
"datePublished": "2022-09-22T23:30:16.000Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2025-05-27T15:23:18.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34101 (GCVE-0-2022-34101)
Vulnerability from cvelistv5 – Published: 2022-09-13 21:47 – Updated: 2024-08-03 08:16
VLAI?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T21:47:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34101",
"datePublished": "2022-09-13T21:47:01",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34102 (GCVE-0-2022-34102)
Vulnerability from cvelistv5 – Published: 2022-09-13 21:42 – Updated: 2024-08-03 08:16
VLAI?
Summary
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T21:42:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34102",
"datePublished": "2022-09-13T21:42:19",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34100 (GCVE-0-2022-34100)
Vulnerability from cvelistv5 – Published: 2022-09-13 18:11 – Updated: 2024-08-03 08:16
VLAI?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T18:11:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34100",
"datePublished": "2022-09-13T18:11:22",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40298 (GCVE-0-2022-40298)
Vulnerability from nvd – Published: 2022-09-22 23:30 – Updated: 2025-05-27 15:23
VLAI?
Summary
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:22:47.788281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:23:18.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-22T23:30:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40298",
"datePublished": "2022-09-22T23:30:16.000Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2025-05-27T15:23:18.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34101 (GCVE-0-2022-34101)
Vulnerability from nvd – Published: 2022-09-13 21:47 – Updated: 2024-08-03 08:16
VLAI?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T21:47:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34101",
"datePublished": "2022-09-13T21:47:01",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34102 (GCVE-0-2022-34102)
Vulnerability from nvd – Published: 2022-09-13 21:42 – Updated: 2024-08-03 08:16
VLAI?
Summary
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T21:42:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34102",
"datePublished": "2022-09-13T21:42:19",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34100 (GCVE-0-2022-34100)
Vulnerability from nvd – Published: 2022-09-13 18:11 – Updated: 2024-08-03 08:16
VLAI?
Summary
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T18:11:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crestron.com/Security/Security_Advisories",
"refsource": "MISC",
"url": "https://www.crestron.com/Security/Security_Advisories"
},
{
"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf",
"refsource": "MISC",
"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34100",
"datePublished": "2022-09-13T18:11:22",
"dateReserved": "2022-06-20T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}