Vulnerability Details: CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
Vulnerability category: Execute code
Products affected by CVE-2022-27438
- cpe:2.3:a:3cx:crm_template_generator:2.1.23:*:*:*:*:*:*:*
- cpe:2.3:a:3cx:call_flow_designer:18.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:getmailbird:mailbird:2.9.50.0:*:*:*:*:*:*:*
- cpe:2.3:a:synaptics:displaylink_usb_graphics:*:*:*:*:*:windows:*:*
- cpe:2.3:a:prusa3d:prusaslicer:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:zip_password_recovery:3.70.69:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:burning_suite:1.20.05:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:rar_password_recovery:3.70.69:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:volume_serial_number_editor:2.02.34:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:asterisks_password_decryptor:3.31.107:*:*:*:*:*:*:*
- cpe:2.3:a:krylack:archive_password_recovery:3.70.69:*:*:*:*:*:*:*
- cpe:2.3:a:caphyon:advanced_installer:*:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:vw0420_firmware:1.33.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2011_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2011b_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2040_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2050_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2050b_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2055b_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2306_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2350_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt2485_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dt4205_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dtsaa_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:ic6560_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:ic6660_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:dtl201b\/2b_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:mtcm_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:gaa2820_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:rtu_firmware:1.19.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:mems_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:portable_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:vw2106_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:th2016_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:th2016b_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:ma7_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:qb120_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:sg350_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:ir420_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:lp100_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:c109_firmware:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:rstinstruments:rstar_rtu_host:1.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:rstinstruments:ipi_utility:1.05.0:*:*:*:*:*:*:*
- cpe:2.3:a:rstinstruments:inclinalysis_digital_inclinometer:2.48.9:*:*:*:*:*:*:*
- cpe:2.3:a:realdefense:mypasslock:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:realdefense:mycleanpc:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:realdefense:mycleanid:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:plagiarismcheckerx:plagiarism_checker_x:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:vigem:vigembus_driver:1.16.116:*:*:*:*:*:*:*
- cpe:2.3:a:nefarius:scptoolkit:1.6.238.16010:*:*:*:*:*:*:*
- cpe:2.3:a:moonsoftware:password_agent:20.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:jpsoft:take_command:28.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:jki:vi_package_manager:21.1.2754:*:*:*:*:*:*:*
- cpe:2.3:a:honeygain:honeygain:0.10.7.0:*:*:*:*:windows:*:*
- cpe:2.3:a:guzogo:guzogo:1.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gamecaster:gamecaster:4.0.2109.2802:*:*:*:*:*:*:*
- cpe:2.3:a:gainedge:better_explorer:2020.3.15.1304:*:*:*:*:*:*:*
- cpe:2.3:a:fxsound:fxsound:1.1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:freesnippingtool:free_snipping_tool:5.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:flamory:flamory:4.2.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:emeditor:emeditor:21.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:codesector:direct_folders:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:codesector:teracopy:3.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:boom:boomtv_streamer_portal:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:vpnhood:vpnhood:2.4.299:*:*:*:*:windows:*:*
- cpe:2.3:a:vrdesktop:virtual_desktop_streamer:1.20.16:*:*:*:*:*:*:*
- cpe:2.3:a:urban-vpn:urban_vpn:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:xsplit:xsplit_express_video_editor:3.0.2001.801:*:*:*:*:*:*:*
- cpe:2.3:a:rovio:bad_piggies:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:rovio:angry_birds_space:1.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-27438
- 7.21%: Probability of exploitation activity in the next 30 days
- ~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-27438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2022-27438
- The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-27438
- http://advanced.com - Advanced Interconnections | Interconnect Solutions (Product)
- https://www.advancedinstaller.com/security-updates-auto-updater.html - Important Security Updates for the Advanced Installer Auto Updater (Patch; Vendor Advisory)
- http://caphyon.com - Caphyon Ltd (Product)
- https://gerr.re/posts/cve-2022-27438/ - CVE-2022-27438 | Gerr.re (Exploit; Third Party Advisory)