CVE-2022-27438

Exploit

EPSS 12.34%
Published 06.06.2022 23:15:07
Last modified 21.11.2024 06:55:44
Source cve@mitre.org
Teams watchlist Login
Open Login

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Caphyon ≫ Advanced Installer Version < 19.4

3cx ≫ Call Flow Designer Version18.2.13

3cx ≫ Crm Template Generator Version2.1.23

Boom ≫ Boomtv Streamer Portal Version2.2.1

Codesector ≫ Direct Folders Version4.0

Codesector ≫ Teracopy Version3.8.5

Emeditor ≫ Emeditor Version21.3.0

Flamory ≫ Flamory Version4.2.19.0

Freesnippingtool ≫ Free Snipping Tool Version5.6.0.0

Fxsound ≫ Fxsound Version1.1.12.0

Gainedge ≫ Better Explorer Version2020.3.15.1304

Gamecaster ≫ Gamecaster Version4.0.2109.2802

Getmailbird ≫ Mailbird Version2.9.50.0

Guzogo ≫ Guzogo Version1.0.5.0

Honeygain ≫ Honeygain Version0.10.7.0 SwPlatformwindows

Jki ≫ Vi Package Manager Version21.1.2754

Jpsoft ≫ Take Command Version28.2.18

Krylack ≫ Archive Password Recovery Version3.70.69

Krylack ≫ Asterisks Password Decryptor Version3.31.107

Krylack ≫ Burning Suite Version1.20.05

Krylack ≫ Rar Password Recovery Version3.70.69

Krylack ≫ Volume Serial Number Editor Version2.02.34

Krylack ≫ Zip Password Recovery Version3.70.69

Moonsoftware ≫ Password Agent Version20.10.1

Nefarius ≫ Scptoolkit Version1.6.238.16010

Plagiarismcheckerx ≫ Plagiarism Checker X Version8.0.6

Prusa3d ≫ Prusaslicer Version2.4.2

Realdefense ≫ Mycleanid Version4.1.4

Realdefense ≫ Mycleanpc Version4.0.2

Realdefense ≫ Mypasslock Version1.9.6

Rovio ≫ Angry Birds Space Version1.4.1

Rovio ≫ Bad Piggies Version1.3.0

Synaptics ≫ Displaylink Usb Graphics SwPlatformwindows Version < 10.3.6400.0

Urban-vpn ≫ Urban Vpn Version2.2.5

Vigem ≫ Vigembus Driver Version1.16.116

Vpnhood ≫ Vpnhood Version2.4.299 SwPlatformwindows

Vrdesktop ≫ Virtual Desktop Streamer Version1.20.16

Xsplit ≫ Xsplit Express Video Editor Version3.0.2001.801

Rstinstruments ≫ Vw0420 Firmware Version1.33.0

Rstinstruments ≫ Vw0420 Version-

Rstinstruments ≫ Inclinalysis Digital Inclinometer Version2.48.9

Rstinstruments ≫ Ipi Utility Version1.05.0

Rstinstruments ≫ Rstar Rtu Host Version1.33.0

Rstinstruments ≫ Dt2011 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2011 Version-

Rstinstruments ≫ Dt2011b Firmware Version1.19.4.0

Rstinstruments ≫ Dt2011b Version-

Rstinstruments ≫ Dt2040 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2040 Version-

Rstinstruments ≫ Dt2050 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2050 Version-

Rstinstruments ≫ Dt2050b Firmware Version1.19.4.0

Rstinstruments ≫ Dt2050b Version-

Rstinstruments ≫ Dt2055b Firmware Version1.19.4.0

Rstinstruments ≫ Dt2055b Version-

Rstinstruments ≫ Dt2306 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2306 Version-

Rstinstruments ≫ Dt2350 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2350 Version-

Rstinstruments ≫ Dt2485 Firmware Version1.19.4.0

Rstinstruments ≫ Dt2485 Version-

Rstinstruments ≫ Dt4205 Firmware Version1.19.4.0

Rstinstruments ≫ Dt4205 Version-

Rstinstruments ≫ Dtsaa Firmware Version1.19.4.0

Rstinstruments ≫ Dtsaa Version-

Rstinstruments ≫ Ic6560 Firmware Version1.19.4.0

Rstinstruments ≫ Ic6560 Version-

Rstinstruments ≫ Ic6660 Firmware Version1.19.4.0

Rstinstruments ≫ Ic6660 Version-

Rstinstruments ≫ Dtl201b/2b Firmware Version1.19.4.0

Rstinstruments ≫ Dtl201b/2b Version-

Rstinstruments ≫ Mtcm Firmware Version1.19.4.0

Rstinstruments ≫ Mtcm Version-

Rstinstruments ≫ Gaa2820 Firmware Version1.19.4.0

Rstinstruments ≫ Gaa2820 Version-

Rstinstruments ≫ Rtu Firmware Version1.19.4.0

Rstinstruments ≫ Rtu Version-

Rstinstruments ≫ Mems Tilt Meter Firmware Version1.20.1

Rstinstruments ≫ Mems Tilt Meter Version-

Rstinstruments ≫ Portable Tilt Meter Firmware Version1.20.1

Rstinstruments ≫ Portable Tilt Meter Version-

Rstinstruments ≫ Vw2106 Firmware Version-

Rstinstruments ≫ Vw2106 Version-

Rstinstruments ≫ Th2016 Firmware Version1.4.0.2

Rstinstruments ≫ Th2016 Version-

Rstinstruments ≫ Th2016b Firmware Version1.4.0.2

Rstinstruments ≫ Th2016b Version-

Rstinstruments ≫ Ma7 Firmware Version1.4.0.2

Rstinstruments ≫ Ma7 Version-

Rstinstruments ≫ Qb120 Firmware Version1.4.0.2

Rstinstruments ≫ Qb120 Version-

Rstinstruments ≫ Sg350 Firmware Version1.4.0.2

Rstinstruments ≫ Sg350 Version-

Rstinstruments ≫ Ir420 Firmware Version1.4.0.2

Rstinstruments ≫ Ir420 Version-

Rstinstruments ≫ Lp100 Firmware Version1.4.0.2

Rstinstruments ≫ Lp100 Version-

Rstinstruments ≫ C109 Firmware Version1.4.0.2

Rstinstruments ≫ C109 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.34%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

http://advanced.com

Product

http://caphyon.com

Product

https://gerr.re/posts/cve-2022-27438/

Third Party Advisory

Exploit

https://www.advancedinstaller.com/security-updates-auto-updater.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27438

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27438

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27438

EUVD