CVE-2022-46387
Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (1)
NVD
CWE (1)
CWE-116: Improper Encoding or Escaping of Output
CAPEC (-)
Risk
CVSS Score
9.8 Critical
SSVC
Attend
KEV
-
EPSS
0.2%
Affected Products (-)
Vendors (2)
cmder, maximus5
Products (2)
cmder, conemu
Versions (2)
< 1.3.2, <= 22.08.07
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (2)
General (2)
github
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-04 CVE Reserved
- 2023-03-28 CVE Published
- 2024-12-17 EPSS Updated
- 2025-02-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-116: Improper Encoding or Escaping of Output
CAPEC
Threat Intelligence Resources (0)
| Select | Title | Date |
|---|
Security Advisory details:
Select an advisory to view details here.
| Select | Title | Date |
|---|
Select an exploit to view details here.
References (2)
| URL | Tag | Source |
|---|---|---|
| https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e | Third Party Advisory | |
| https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cmder Search vendor "Cmder" | Cmder Search vendor "Cmder" for product "Cmder" | < 1.3.2 Search vendor "Cmder" for product "Cmder" and version " < 1.3.2" | - |
Affected
| ||||||
| Maximus5 Search vendor "Maximus5" | Conemu Search vendor "Maximus5" for product "Conemu" | <= 22.08.07 Search vendor "Maximus5" for product "Conemu" and version " <= 22.08.07" | - |
Affected
| ||||||