Vulnerability Description
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cmder | Cmder | < 1.3.2 |
| Maximus5 | Conemu | <= 22.08.07 |
Related Weaknesses (CWE)
References
- https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e (Third Party Advisory)
- https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md (Release Notes)
FAQ
What is CVE-2022-46387?
CVE-2022-46387 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
How severe is CVE-2022-46387?
CVE-2022-46387 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-46387?
Check the references section above for vendor advisories and patch information. Affected products include: Cmder Cmder, Maximus5 Conemu.