Описание
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:crestron:am-300_firmware:1.4499.00018:*:*:*:*:*:*:*
cpe:2.3:h:crestron:am-300:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
8.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 8.4
github
около 2 лет назад
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
EPSS
Процентиль: 40%
0.00182
Низкий
8.4 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-78
CWE-78