CVE-2022-27438
Last modified
CVE-2022-27438 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. EPSS estimates a 2.38% chance of exploitation in the next 30 days.
Description
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Caphyon | Advanced Installer | < 19.4 |
| 3cx | Call Flow Designer | 18.2.13 |
| 3cx | Crm Template Generator | 2.1.23 |
| Boom | Boomtv Streamer Portal | 2.2.1 |
| Codesector | Direct Folders | 4.0 |
| Codesector | Teracopy | 3.8.5 |
| Emeditor | Emeditor | 21.3.0 |
| Flamory | Flamory | 4.2.19.0 |
| Freesnippingtool | Free Snipping Tool | 5.6.0.0 |
| Fxsound | Fxsound | 1.1.12.0 |
| Gainedge | Better Explorer | 2020.3.15.1304 |
| Gamecaster | Gamecaster | 4.0.2109.2802 |
| Getmailbird | Mailbird | 2.9.50.0 |
| Guzogo | Guzogo | 1.0.5.0 |
| Honeygain | Honeygain | 0.10.7.0 |
| Jki | Vi Package Manager | 21.1.2754 |
| Jpsoft | Take Command | 28.2.18 |
| Krylack | Archive Password Recovery | 3.70.69 |
| Krylack | Asterisks Password Decryptor | 3.31.107 |
| Krylack | Burning Suite | 1.20.05 |
| Krylack | Rar Password Recovery | 3.70.69 |
| Krylack | Volume Serial Number Editor | 2.02.34 |
| Krylack | Zip Password Recovery | 3.70.69 |
| Moonsoftware | Password Agent | 20.10.1 |
| Nefarius | Scptoolkit | 1.6.238.16010 |
| Plagiarismcheckerx | Plagiarism Checker X | 8.0.6 |
| Prusa3d | Prusaslicer | 2.4.2 |
| Realdefense | Mycleanid | 4.1.4 |
| Realdefense | Mycleanpc | 4.0.2 |
| Realdefense | Mypasslock | 1.9.6 |
| Rovio | Angry Birds Space | 1.4.1 |
| Rovio | Bad Piggies | 1.3.0 |
| Synaptics | Displaylink Usb Graphics | < 10.3.6400.0 |
| Urban-Vpn | Urban Vpn | 2.2.5 |
| Vigem | Vigembus Driver | 1.16.116 |
| Vpnhood | Vpnhood | 2.4.299 |
| Vrdesktop | Virtual Desktop Streamer | 1.20.16 |
| Xsplit | Xsplit Express Video Editor | 3.0.2001.801 |
| Rstinstruments | Vw0420 Firmware | 1.33.0 |
| Rstinstruments | Inclinalysis Digital Inclinometer | 2.48.9 |
| Rstinstruments | Ipi Utility | 1.05.0 |
| Rstinstruments | Rstar Rtu Host | 1.33.0 |
| Rstinstruments | Dt2011 Firmware | 1.19.4.0 |
| Rstinstruments | Dt2011b Firmware | 1.19.4.0 |
| Rstinstruments | Dt2040 Firmware | 1.19.4.0 |
| Rstinstruments | Dt2050 Firmware | 1.19.4.0 |
| Rstinstruments | Dt2050b Firmware | 1.19.4.0 |
| Rstinstruments | Dt2055b Firmware | 1.19.4.0 |
| Rstinstruments | Dt2306 Firmware | 1.19.4.0 |
| Rstinstruments | Dt2350 Firmware | 1.19.4.0 |
Showing 50 of 70 affected configurations. See NVD for the full list.
References
- http://advanced.com (Product)
- http://caphyon.com (Product)
- https://gerr.re/posts/cve-2022-27438/ (Exploit, Third Party Advisory)
- https://www.advancedinstaller.com/security-updates-auto-updater.html (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
