CVE-2022-27438

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://caphyon.com Product
https://gerr.re/posts/cve-2022-27438/ Exploit Third Party Advisory
http://advanced.com Product
https://www.advancedinstaller.com/security-updates-auto-updater.html Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:caphyon:advanced_installer:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:realdefense:mypasslock:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:realdefense:mycleanpc:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:realdefense:mycleanid:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:prusa3d:prusaslicer:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:plagiarismcheckerx:plagiarism_checker_x:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vigem:vigembus_driver:1.16.116:*:*:*:*:*:*:*
cpe:2.3:a:nefarius:scptoolkit:1.6.238.16010:*:*:*:*:*:*:*
cpe:2.3:a:moonsoftware:password_agent:20.10.1:*:*:*:*:*:*:*
cpe:2.3:a:getmailbird:mailbird:2.9.50.0:*:*:*:*:*:*:*
cpe:2.3:a:krylack:burning_suite:1.20.05:*:*:*:*:*:*:*
cpe:2.3:a:krylack:rar_password_recovery:3.70.69:*:*:*:*:*:*:*
cpe:2.3:a:krylack:volume_serial_number_editor:2.02.34:*:*:*:*:*:*:*
cpe:2.3:a:krylack:zip_password_recovery:3.70.69:*:*:*:*:*:*:*
cpe:2.3:a:krylack:asterisks_password_decryptor:3.31.107:*:*:*:*:*:*:*
cpe:2.3:a:krylack:archive_password_recovery:3.70.69:*:*:*:*:*:*:*
cpe:2.3:a:jpsoft:take_command:28.2.18:*:*:*:*:*:*:*
cpe:2.3:a:jki:vi_package_manager:21.1.2754:*:*:*:*:*:*:*
cpe:2.3:a:honeygain:honeygain:0.10.7.0:*:*:*:*:windows:*:*
cpe:2.3:a:guzogo:guzogo:1.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:gamecaster:gamecaster:4.0.2109.2802:*:*:*:*:*:*:*
cpe:2.3:a:gainedge:better_explorer:2020.3.15.1304:*:*:*:*:*:*:*
cpe:2.3:a:fxsound:fxsound:1.1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:freesnippingtool:free_snipping_tool:5.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:flamory:flamory:4.2.19.0:*:*:*:*:*:*:*
cpe:2.3:a:emeditor:emeditor:21.3.0:*:*:*:*:*:*:*
cpe:2.3:a:codesector:direct_folders:4.0:*:*:*:*:*:*:*
cpe:2.3:a:boom:boomtv_streamer_portal:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:codesector:teracopy:3.8.5:*:*:*:*:*:*:*
cpe:2.3:a:3cx:crm_template_generator:2.1.23:*:*:*:*:*:*:*
cpe:2.3:a:3cx:call_flow_designer:18.2.13:*:*:*:*:*:*:*
cpe:2.3:a:vpnhood:vpnhood:2.4.299:*:*:*:*:windows:*:*
cpe:2.3:a:vrdesktop:virtual_desktop_streamer:1.20.16:*:*:*:*:*:*:*
cpe:2.3:a:urban-vpn:urban_vpn:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:xsplit:xsplit_express_video_editor:3.0.2001.801:*:*:*:*:*:*:*
cpe:2.3:a:rovio:bad_piggies:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rovio:angry_birds_space:1.4.1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rstinstruments:vw0420_firmware:1.33.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:vw0420:-:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:rstinstruments:rstar_rtu_host:1.33.0:*:*:*:*:*:*:*
cpe:2.3:a:rstinstruments:ipi_utility:1.05.0:*:*:*:*:*:*:*
cpe:2.3:a:rstinstruments:inclinalysis_digital_inclinometer:2.48.9:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rstinstruments:dt2011_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2011:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rstinstruments:dt2011b_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2011b:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rstinstruments:dt2040_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2040:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:rstinstruments:dt2050_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2050:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:rstinstruments:dt2050b_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2050b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:rstinstruments:dt2055b_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2055b:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:rstinstruments:dt2306_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2306:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:rstinstruments:dt2350_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2350:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:rstinstruments:dt2485_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt2485:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:rstinstruments:dt4205_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dt4205:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:rstinstruments:dtsaa_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dtsaa:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:rstinstruments:ic6560_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:ic6560:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:rstinstruments:ic6660_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:ic6660:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:rstinstruments:dtl201b\/2b_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:dtl201b\/2b:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:rstinstruments:mtcm_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:mtcm:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:rstinstruments:gaa2820_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:gaa2820:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:rstinstruments:rtu_firmware:1.19.4.0:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:rtu:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:rstinstruments:mems_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:mems_tilt_meter:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:rstinstruments:portable_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:portable_tilt_meter:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:rstinstruments:vw2106_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:vw2106:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:rstinstruments:th2016_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:th2016:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:rstinstruments:th2016b_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:th2016b:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:rstinstruments:ma7_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:ma7:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:rstinstruments:qb120_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:qb120:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:rstinstruments:sg350_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:sg350:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:rstinstruments:ir420_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:ir420:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:rstinstruments:lp100_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:lp100:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:rstinstruments:c109_firmware:1.4.0.2:*:*:*:*:*:*:*
cpe:2.3:h:rstinstruments:c109:-:*:*:*:*:*:*:*
Information

Published : 2022-06-06 16:15

Updated : 2022-10-19 05:51

NVD link : CVE-2022-27438

Mitre link : CVE-2022-27438

JSON object : View

CWE
CWE-494

Download of Code Without Integrity Check

Advertisement

dedicated server usa
Products Affected

rstinstruments

  • th2016b_firmware
  • c109_firmware
  • mtcm
  • rstar_rtu_host
  • vw0420
  • dt2485
  • dt2011
  • ic6660
  • gaa2820
  • dt2350_firmware
  • gaa2820_firmware
  • lp100
  • dt2050b
  • portable_tilt_meter_firmware
  • qb120
  • dt2306
  • qb120_firmware
  • ir420_firmware
  • dt2050b_firmware
  • dtsaa_firmware
  • dtsaa
  • dtl201b\/2b_firmware
  • ic6560
  • lp100_firmware
  • dt2350
  • ipi_utility
  • mems_tilt_meter_firmware
  • dt2011b
  • dt2485_firmware
  • th2016
  • ma7
  • vw2106
  • dt2011b_firmware
  • mtcm_firmware
  • dt2050_firmware
  • dt2011_firmware
  • sg350
  • dt2055b_firmware
  • vw0420_firmware
  • c109
  • sg350_firmware
  • dt2040
  • dt2040_firmware
  • th2016_firmware
  • mems_tilt_meter
  • dt2055b
  • rtu
  • inclinalysis_digital_inclinometer
  • dt4205
  • th2016b
  • vw2106_firmware
  • ic6660_firmware
  • ic6560_firmware
  • ir420
  • dtl201b\/2b
  • rtu_firmware
  • ma7_firmware
  • dt2050
  • dt2306_firmware
  • portable_tilt_meter
  • dt4205_firmware

3cx

  • crm_template_generator
  • call_flow_designer

rovio

  • angry_birds_space
  • bad_piggies

codesector

  • direct_folders
  • teracopy

krylack

  • asterisks_password_decryptor
  • volume_serial_number_editor
  • burning_suite
  • zip_password_recovery
  • archive_password_recovery
  • rar_password_recovery

urban-vpn

  • urban_vpn

plagiarismcheckerx

  • plagiarism_checker_x

caphyon

  • advanced_installer

emeditor

  • emeditor

jki

  • vi_package_manager

vrdesktop

  • virtual_desktop_streamer

realdefense

  • mycleanid
  • mypasslock
  • mycleanpc

gainedge

  • better_explorer

boom

  • boomtv_streamer_portal

getmailbird

  • mailbird

nefarius

  • scptoolkit

vigem

  • vigembus_driver

xsplit

  • xsplit_express_video_editor

moonsoftware

  • password_agent

vpnhood

  • vpnhood

prusa3d

  • prusaslicer

honeygain

  • honeygain

gamecaster

  • gamecaster

jpsoft

  • take_command

flamory

  • flamory

guzogo

  • guzogo

freesnippingtool

  • free_snipping_tool

fxsound

  • fxsound