{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T21:42:19.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.crestron.com/Security/Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34102", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.crestron.com/Security/Security_Advisories", "refsource": "MISC", "url": "https://www.crestron.com/Security/Security_Advisories"}, {"name": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf", "refsource": "MISC", "url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.877Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.crestron.com/Security/Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34102", "datePublished": "2022-09-13T21:42:19.000Z", "dateReserved": "2022-06-20T00:00:00.000Z", "dateUpdated": "2024-08-03T08:16:16.877Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*", "matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de control de acceso insuficiente en Crestron AirMedia Windows Application, versi\u00f3n 4.3.1.39, en la que un usuario puede pausar la desinstalaci\u00f3n de un ejecutable para conseguir una solicitud de comando de nivel SYSTEM"}], "id": "CVE-2022-34102", "lastModified": "2024-11-21T07:08:53.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T22:15:09.037", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.crestron.com/Security/Security_Advisories"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.crestron.com/Security/Security_Advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}