CVE-2022-27438 — HIGH (8.1)

Q: How severe is CVE-2022-27438?

CVE-2022-27438 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27438?

Check the references section above for vendor advisories and patch information. Affected products include: Caphyon Advanced Installer, 3Cx Call Flow Designer, 3Cx Crm Template Generator, Boom Boomtv Streamer Portal, Codesector Direct Folders.

Vulnerability Description

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Caphyon	Advanced Installer	< 19.4
3Cx	Call Flow Designer	18.2.13
3Cx	Crm Template Generator	2.1.23
Boom	Boomtv Streamer Portal	2.2.1
Codesector	Direct Folders	4.0
Codesector	Teracopy	3.8.5
Emeditor	Emeditor	21.3.0
Flamory	Flamory	4.2.19.0
Freesnippingtool	Free Snipping Tool	5.6.0.0
Fxsound	Fxsound	1.1.12.0
Gainedge	Better Explorer	2020.3.15.1304
Gamecaster	Gamecaster	4.0.2109.2802
Getmailbird	Mailbird	2.9.50.0
Guzogo	Guzogo	1.0.5.0
Honeygain	Honeygain	0.10.7.0
Jki	Vi Package Manager	21.1.2754
Jpsoft	Take Command	28.2.18
Krylack	Archive Password Recovery	3.70.69
Krylack	Asterisks Password Decryptor	3.31.107
Krylack	Burning Suite	1.20.05

Related Weaknesses (CWE)

CWE-494

References

http://advanced.comProduct
http://caphyon.comProduct
https://gerr.re/posts/cve-2022-27438/ExploitThird Party Advisory
https://www.advancedinstaller.com/security-updates-auto-updater.htmlPatchVendor Advisory
http://advanced.comProduct
http://caphyon.comProduct
https://gerr.re/posts/cve-2022-27438/ExploitThird Party Advisory
https://www.advancedinstaller.com/security-updates-auto-updater.htmlPatchVendor Advisory

FAQ

What is CVE-2022-27438?

CVE-2022-27438 is a vulnerability with a CVSS score of 8.1 (HIGH). Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDe...

How severe is CVE-2022-27438?

CVE-2022-27438 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27438?

Check the references section above for vendor advisories and patch information. Affected products include: Caphyon Advanced Installer, 3Cx Call Flow Designer, 3Cx Crm Template Generator, Boom Boomtv Streamer Portal, Codesector Direct Folders.