CVE-2022-34102

{"id": "CVE-2022-34102", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-09-13T22:15:09.037", "references": [{"url": "https://www.crestron.com/Security/Security_Advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de control de acceso insuficiente en Crestron AirMedia Windows Application, versi\u00f3n 4.3.1.39, en la que un usuario puede pausar la desinstalaci\u00f3n de un ejecutable para conseguir una solicitud de comando de nivel SYSTEM"}], "lastModified": "2022-09-19T13:22:46.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:crestron:airmedia:4.3.1.39:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "92342A07-1DFE-43D8-895E-D05C5EE63FEC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}