Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.
References
Link | Resource |
---|---|
https://www.crestron.com/Security/Security_Advisories | Vendor Advisory |
https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes Vendor Advisory |
https://www.crestron.com/Security/Security_Advisories | Vendor Advisory |
https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 07:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.crestron.com/Security/Security_Advisories - Vendor Advisory | |
References | () https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf - Release Notes, Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 00:15
Updated : 2024-11-21 07:21
NVD link : CVE-2022-40298
Mitre link : CVE-2022-40298
CVE.ORG link : CVE-2022-40298
JSON object : View
Products Affected
crestron
- airmedia
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource