Vulnerabilities > Crestron > Airmedia > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-40298 Incorrect Permission Assignment for Critical Resource vulnerability in Crestron Airmedia 4.3.1.39
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39.
network
low complexity
crestron CWE-732
8.8
2022-09-13 CVE-2022-34101 Uncontrolled Search Path Element vulnerability in Crestron Airmedia 4.3.1.39
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
local
low complexity
crestron CWE-427
7.8
2022-09-13 CVE-2022-34102 Unspecified vulnerability in Crestron Airmedia 4.3.1.39
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
network
low complexity
crestron
8.8
2022-09-13 CVE-2022-34100 Unspecified vulnerability in Crestron Airmedia 4.3.1.39
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.
network
low complexity
crestron
8.8