CVE-2022-40298

Name of the Vulnerable Software and Affected Versions Crestron AirMedia for Windows versions prior to 5.5.1.84

Description The issue is related to insecure inherited permissions, leading to a privilege escalation. A low-privileged user can initiate a system repair and gain a SYSTEM-level shell. This is found in the AirMedia Windows Application.

Recommendations For versions prior to 5.5.1.84, update to version 5.5.1.84 or later to resolve the issue. As a temporary workaround, consider restricting system repair initiation to privileged users until a patch is applied.