Vulnerability Details : CVE-2022-43543
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when it contains control characters, and the text is rendered according to the Unicode specification for those characters. A crafted text may therefore display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4.
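A receiving-side check for the condition described above, added here as an illustration; it is not code from the vendors or from the advisory. The choice of the Unicode bidirectional formatting characters as the set to screen for, the function names and the sample messages are assumptions.

```python
import re

# Unicode bidirectional formatting characters (UAX #9). Assumption: the advisory
# does not say which control characters are involved; these are the ones that
# change the order in which text is displayed.
BIDI_CONTROLS = {
    "\u061c": "ALM", "\u200e": "LRM", "\u200f": "RLM",
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
URL_RE = re.compile(r"https?://\S+")


def bidi_controls_in(text):
    """Return the names of the bidi controls in text, in order of appearance."""
    return [BIDI_CONTROLS[ch] for ch in text if ch in BIDI_CONTROLS]


def strip_bidi(text):
    """Remove bidi controls only; other format characters (ZWJ in emoji) stay."""
    return "".join(ch for ch in text if ch not in BIDI_CONTROLS)


def review_message(message):
    """Summarise bidi controls in a message and in each URL token it contains."""
    links = []
    for match in URL_RE.finditer(message):
        raw = match.group(0)
        links.append({
            "stored_url": strip_bidi(raw),      # code points in stored order
            "controls": bidi_controls_in(raw),  # non-empty: do not linkify as-is
        })
    return {
        "controls": bidi_controls_in(message),
        "display_text": strip_bidi(message),
        "links": links,
    }


# Constructed sample messages, not taken from the advisory.
CLEAN = "Parcel status: https://example.test/track?id=42"
CRAFTED = "Parcel status: https://example.test/a\u202ebc\u202c"

if __name__ == "__main__":
    for msg in (CLEAN, CRAFTED):
        print(review_message(msg))
```

Stripping is limited to the bidi set so that legitimate format characters, such as the zero-width joiner in emoji sequences, are left intact.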
Products affected by CVE-2022-43543
- cpe:2.3:a:kddi:\+_message:*:*:*:*:*:android:*:*
- cpe:2.3:a:kddi:\+_message:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:softbank:\+_message:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:softbank:\+_message:*:*:*:*:*:android:*:*
- cpe:2.3:a:docomo:\+_message:*:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:docomo:\+_message:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-43543
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~37% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-43543
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 | NIST | |
References for CVE-2022-43543
- https://www.docomo.ne.jp/service/plus_message/ : +Message (Plus Message) | Services and Features | NTT DOCOMO (Vendor Advisory)
- https://www.au.com/mobile/service/plus-message/information/ : Notices: +Message (Plus Message) | Services and Features | au (Vendor Advisory)
- https://jvn.jp/en/jp/JVN43561812/index.html : JVN#43561812: +Message App improper handling of Unicode control characters (Third Party Advisory)
- https://www.softbank.jp/mobile/service/plus-message/ : +Message (Plus Message) | Smartphones and Mobile Phones | SoftBank (Vendor Advisory)