CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6926

There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 8.4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02

Products affected by CVE-2023-6926

Crestron » Am-300 » Version: N/A

cpe:2.3:h:crestron:am-300:-
Crestron » Am-300 Firmware » Version: 1.4499.00018

cpe:2.3:o:crestron:am-300_firmware:1.4499.00018

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6926

Products

Pricing

Contact Us