CVE-2022-34100

Name of the Vulnerable Software and Affected Versions Crestron AirMedia Windows Application version 4.3.1.39

Description A vulnerability in the Crestron AirMedia Windows Application allows a low-privileged user to gain a SYSTEM level command prompt. This is achieved by pre-staging a file structure prior to the installation of a trusted service executable and changing permissions on that file structure during a repair operation. The issue is related to incorrect privilege handling, which can be exploited by a remote attacker to gain access to a command line with SYSTEM level privileges.

Recommendations For version 4.3.1.39, consider restricting access to the repair operation functionality until a patch is available. As a temporary workaround, avoid using the Crestron AirMedia Windows Application for sensitive operations that require elevated privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.