History: Jun 06, 2022 - 11:15 p.m.

CVE-2022-27438

2022-06-06 23:15:07
CWE-494
web.nvd.nist.gov
cve-2022-27438
caphyon ltd
advanced installer
remote code execution
vulnerability
update function
advanced updater
nvd

CVSS2: 5.1 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.063 Low
Percentile: 93.7%

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Affected configurations

NVD
Node
caphyonadvanced_installer Range <19.4
Node
3cxcall_flow_designer Match 18.2.13
OR
3cxcrm_template_generator Match 2.1.23
OR
boomboomtv_streamer_portal Match 2.2.1
OR
codesectordirect_folders Match 4.0
OR
codesectorteracopy Match 3.8.5
OR
emeditoremeditor Match 21.3.0
OR
flamoryflamory Match 4.2.19.0
OR
freesnippingtoolfree_snipping_tool Match 5.6.0.0
OR
fxsoundfxsound Match 1.1.12.0
OR
gainedgebetter_explorer Match 2020.3.15.1304
OR
gamecastergamecaster Match 4.0.2109.2802
OR
getmailbirdmailbird Match 2.9.50.0
OR
guzogoguzogo Match 1.0.5.0
OR
honeygainhoneygain Match 0.10.7.0 windows
OR
jkivi_package_manager Match 21.1.2754
OR
jpsofttake_command Match 28.2.18
OR
krylackarchive_password_recovery Match 3.70.69
OR
krylackasterisks_password_decryptor Match 3.31.107
OR
krylackburning_suite Match 1.20.05
OR
krylackrar_password_recovery Match 3.70.69
OR
krylackvolume_serial_number_editor Match 2.02.34
OR
krylackzip_password_recovery Match 3.70.69
OR
moonsoftwarepassword_agent Match 20.10.1
OR
nefariusscptoolkit Match 1.6.238.16010
OR
plagiarismcheckerxplagiarism_checker_x Match 8.0.6
OR
prusa3dprusaslicer Match 2.4.2
OR
realdefensemycleanid Match 4.1.4
OR
realdefensemycleanpc Match 4.0.2
OR
realdefensemypasslock Match 1.9.6
OR
rovioangry_birds_space Match 1.4.1
OR
roviobad_piggies Match 1.3.0
OR
synapticsdisplaylink_usb_graphics Range <10.3.6400.0 windows
OR
urban-vpnurban_vpn Match 2.2.5
OR
vigemvigembus_driver Match 1.16.116
OR
vpnhoodvpnhood Match 2.4.299 windows
OR
vrdesktopvirtual_desktop_streamer Match 1.20.16
OR
xsplitxsplit_express_video_editor Match 3.0.2001.801
Node
rstinstrumentsvw0420 Match -
AND
rstinstrumentsvw0420_firmware Match 1.33.0
Node
rstinstrumentsinclinalysis_digital_inclinometer Match 2.48.9
OR
rstinstrumentsipi_utility Match 1.05.0
OR
rstinstrumentsrstar_rtu_host Match 1.33.0
Node
rstinstrumentsdt2011 Match -
AND
rstinstrumentsdt2011_firmware Match 1.19.4.0
Node
rstinstrumentsdt2011b Match -
AND
rstinstrumentsdt2011b_firmware Match 1.19.4.0
Node
rstinstrumentsdt2040 Match -
AND
rstinstrumentsdt2040_firmware Match 1.19.4.0
Node
rstinstrumentsdt2050 Match -
AND
rstinstrumentsdt2050_firmware Match 1.19.4.0
Node
rstinstrumentsdt2050b Match -
AND
rstinstrumentsdt2050b_firmware Match 1.19.4.0
Node
rstinstrumentsdt2055b Match -
AND
rstinstrumentsdt2055b_firmware Match 1.19.4.0
Node
rstinstrumentsdt2306_firmware Match 1.19.4.0
AND
rstinstrumentsdt2306 Match -
Node
rstinstrumentsdt2350_firmware Match 1.19.4.0
AND
rstinstrumentsdt2350 Match -
Node
rstinstrumentsdt2485_firmware Match 1.19.4.0
AND
rstinstrumentsdt2485 Match -
Node
rstinstrumentsdt4205_firmware Match 1.19.4.0
AND
rstinstrumentsdt4205 Match -
Node
rstinstrumentsdtsaa_firmware Match 1.19.4.0
AND
rstinstrumentsdtsaa Match -
Node
rstinstrumentsic6560_firmware Match 1.19.4.0
AND
rstinstrumentsic6560 Match -
Node
rstinstrumentsic6660_firmware Match 1.19.4.0
AND
rstinstrumentsic6660 Match -
Node
rstinstrumentsdtl201b\/2b_firmware Match 1.19.4.0
AND
rstinstrumentsdtl201b\/2b Match -
Node
rstinstrumentsmtcm_firmware Match 1.19.4.0
AND
rstinstrumentsmtcm Match -
Node
rstinstrumentsgaa2820_firmware Match 1.19.4.0
AND
rstinstrumentsgaa2820 Match -
Node
rstinstrumentsrtu_firmware Match 1.19.4.0
AND
rstinstrumentsrtu Match -
Node
rstinstrumentsmems_tilt_meter_firmware Match 1.20.1
AND
rstinstrumentsmems_tilt_meter Match -
Node
rstinstrumentsportable_tilt_meter_firmware Match 1.20.1
AND
rstinstrumentsportable_tilt_meter Match -
Node
rstinstrumentsvw2106_firmware Match -
AND
rstinstrumentsvw2106 Match -
Node
rstinstrumentsth2016_firmware Match 1.4.0.2
AND
rstinstrumentsth2016 Match -
Node
rstinstrumentsth2016b_firmware Match 1.4.0.2
AND
rstinstrumentsth2016b Match -
Node
rstinstrumentsma7_firmware Match 1.4.0.2
AND
rstinstrumentsma7 Match -
Node
rstinstrumentsqb120_firmware Match 1.4.0.2
AND
rstinstrumentsqb120 Match -
Node
rstinstrumentssg350_firmware Match 1.4.0.2
AND
rstinstrumentssg350 Match -
Node
rstinstrumentsir420_firmware Match 1.4.0.2
AND
rstinstrumentsir420 Match -
Node
rstinstrumentslp100_firmware Match 1.4.0.2
AND
rstinstrumentslp100 Match -
Node
rstinstrumentsc109_firmware Match 1.4.0.2
AND
rstinstrumentsc109 Match -
