Lucene search

MitreCVE-2022-34101

HistorySep 13, 2022 - 10:15 p.m.

CVE-2022-34101

2022-09-1322:15:08

CWE-427

mitre

web.nvd.nist.gov

cve-2022-34101

vulnerability

crestron airmedia

windows application

dll

code execution

privilege escalation

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%

JSON

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.

Affected configurations

Nvd

Node

crestronairmediaMatch4.3.1.39windows

VendorProductVersionCPE
crestronairmedia4.3.1.39cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
crestron	airmedia	4.3.1.39	cpe:2.3:a:crestron:airmedia:4.3.1.39:::::windows::

References

www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf

www.crestron.com/Security/Security_Advisories

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.7%

JSON

Related for CVE-2022-34101