CVE-2022-46387
CRITICALCVSS 9.8/10EPSS 0.87%
Last modified
CVE-2022-46387 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.. EPSS estimates a 0.87% chance of exploitation in the next 30 days.
Description
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cmder | Cmder | < 1.3.2 |
| Maximus5 | Conemu | <= 22.08.07 |
References
- https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635eThird Party Advisory
- https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635eThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-46387?
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
How severe is CVE-2022-46387?
CVE-2022-46387 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.87% probability of exploitation in the next 30 days.
How do I fix CVE-2022-46387?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-46387?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST