Lucene search

[email protected]NVD:CVE-2022-27438

HistoryJun 06, 2022 - 11:15 p.m.

CVE-2022-27438

2022-06-0623:15:07

CWE-494

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.063 Low

EPSS

Percentile

93.7%

JSON

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Affected configurations

NVD

Node

caphyonadvanced_installerRange<19.4

Node

3cxcall_flow_designerMatch18.2.13

3cxcrm_template_generatorMatch2.1.23

boomboomtv_streamer_portalMatch2.2.1

codesectordirect_foldersMatch4.0

codesectorteracopyMatch3.8.5

emeditoremeditorMatch21.3.0

flamoryflamoryMatch4.2.19.0

freesnippingtoolfree_snipping_toolMatch5.6.0.0

fxsoundfxsoundMatch1.1.12.0

gainedgebetter_explorerMatch2020.3.15.1304

gamecastergamecasterMatch4.0.2109.2802

getmailbirdmailbirdMatch2.9.50.0

guzogoguzogoMatch1.0.5.0

honeygainhoneygainMatch0.10.7.0windows

jkivi_package_managerMatch21.1.2754

jpsofttake_commandMatch28.2.18

krylackarchive_password_recoveryMatch3.70.69

krylackasterisks_password_decryptorMatch3.31.107

krylackburning_suiteMatch1.20.05

krylackrar_password_recoveryMatch3.70.69

krylackvolume_serial_number_editorMatch2.02.34

krylackzip_password_recoveryMatch3.70.69

moonsoftwarepassword_agentMatch20.10.1

nefariusscptoolkitMatch1.6.238.16010

plagiarismcheckerxplagiarism_checker_xMatch8.0.6

prusa3dprusaslicerMatch2.4.2

realdefensemycleanidMatch4.1.4

realdefensemycleanpcMatch4.0.2

realdefensemypasslockMatch1.9.6

rovioangry_birds_spaceMatch1.4.1

roviobad_piggiesMatch1.3.0

synapticsdisplaylink_usb_graphicsRange<10.3.6400.0windows

urban-vpnurban_vpnMatch2.2.5

vigemvigembus_driverMatch1.16.116

vpnhoodvpnhoodMatch2.4.299windows

vrdesktopvirtual_desktop_streamerMatch1.20.16

xsplitxsplit_express_video_editorMatch3.0.2001.801

Node

rstinstrumentsvw0420Match-

AND

rstinstrumentsvw0420_firmwareMatch1.33.0

Node

rstinstrumentsinclinalysis_digital_inclinometerMatch2.48.9

rstinstrumentsipi_utilityMatch1.05.0

rstinstrumentsrstar_rtu_hostMatch1.33.0

Node

rstinstrumentsdt2011Match-

AND

rstinstrumentsdt2011_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2011bMatch-

AND

rstinstrumentsdt2011b_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2040Match-

AND

rstinstrumentsdt2040_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2050Match-

AND

rstinstrumentsdt2050_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2050bMatch-

AND

rstinstrumentsdt2050b_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2055bMatch-

AND

rstinstrumentsdt2055b_firmwareMatch1.19.4.0

Node

rstinstrumentsdt2306_firmwareMatch1.19.4.0

AND

rstinstrumentsdt2306Match-

Node

rstinstrumentsdt2350_firmwareMatch1.19.4.0

AND

rstinstrumentsdt2350Match-

Node

rstinstrumentsdt2485_firmwareMatch1.19.4.0

AND

rstinstrumentsdt2485Match-

Node

rstinstrumentsdt4205_firmwareMatch1.19.4.0

AND

rstinstrumentsdt4205Match-

Node

rstinstrumentsdtsaa_firmwareMatch1.19.4.0

AND

rstinstrumentsdtsaaMatch-

Node

rstinstrumentsic6560_firmwareMatch1.19.4.0

AND

rstinstrumentsic6560Match-

Node

rstinstrumentsic6660_firmwareMatch1.19.4.0

AND

rstinstrumentsic6660Match-

Node

rstinstrumentsdtl201b\/2b_firmwareMatch1.19.4.0

AND

rstinstrumentsdtl201b\/2bMatch-

Node

rstinstrumentsmtcm_firmwareMatch1.19.4.0

AND

rstinstrumentsmtcmMatch-

Node

rstinstrumentsgaa2820_firmwareMatch1.19.4.0

AND

rstinstrumentsgaa2820Match-

Node

rstinstrumentsrtu_firmwareMatch1.19.4.0

AND

rstinstrumentsrtuMatch-

Node

rstinstrumentsmems_tilt_meter_firmwareMatch1.20.1

AND

rstinstrumentsmems_tilt_meterMatch-

Node

rstinstrumentsportable_tilt_meter_firmwareMatch1.20.1

AND

rstinstrumentsportable_tilt_meterMatch-

Node

rstinstrumentsvw2106_firmwareMatch-

AND

rstinstrumentsvw2106Match-

Node

rstinstrumentsth2016_firmwareMatch1.4.0.2

AND

rstinstrumentsth2016Match-

Node

rstinstrumentsth2016b_firmwareMatch1.4.0.2

AND

rstinstrumentsth2016bMatch-

Node

rstinstrumentsma7_firmwareMatch1.4.0.2

AND

rstinstrumentsma7Match-

Node

rstinstrumentsqb120_firmwareMatch1.4.0.2

AND

rstinstrumentsqb120Match-

Node

rstinstrumentssg350_firmwareMatch1.4.0.2

AND

rstinstrumentssg350Match-

Node

rstinstrumentsir420_firmwareMatch1.4.0.2

AND

rstinstrumentsir420Match-

Node

rstinstrumentslp100_firmwareMatch1.4.0.2

AND

rstinstrumentslp100Match-

Node

rstinstrumentsc109_firmwareMatch1.4.0.2

AND

rstinstrumentsc109Match-

References

advanced.com

caphyon.com

gerr.re/posts/cve-2022-27438/

www.advancedinstaller.com/security-updates-auto-updater.html

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.063 Low

EPSS

Percentile

93.7%

JSON

Related for NVD:CVE-2022-27438

cve1 prion1 cvelist1 githubexploit1