CVE-2022-27438


Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.

Published: 2022-06-06 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2022-27438 is rated High Exploit Risk (78.5/100): CVSS severity is High and exploitation likelihood is high (EPSS 12.27%, 94th percentile). Core evidence: 1 public exploit reference is indexed (Exploit-DB). Mandatory action: public exploits are available, so assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2022-27438

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2022-27438

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a higher relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 13.93% 12.27% -1.65%
2 2025-11-18 12.34% 13.93% +1.59%
3 2025-07-22 12.34%

Full EPSS history (38 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-27438

CVSS metrics for this CVE.

CVSS 3.1: base score 8.1, severity HIGH, exploitability 2.2, impact 5.9, score source [email protected]
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

CVSS 2.0: base score 5.1, severity MEDIUM, exploitability 4.9, impact 6.4, score source [email protected]
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2022-27438

Affected software / configurations for CVE-2022-27438

Vendor Product Version Raw CPE
caphyon advanced_installer < 19.4 cpe:2.3:a:caphyon:advanced_installer:*:*:*:*:*:*:*:*
3cx call_flow_designer 18.2.13 cpe:2.3:a:3cx:call_flow_designer:18.2.13:*:*:*:*:*:*:*
3cx crm_template_generator 2.1.23 cpe:2.3:a:3cx:crm_template_generator:2.1.23:*:*:*:*:*:*:*
boom boomtv_streamer_portal 2.2.1 cpe:2.3:a:boom:boomtv_streamer_portal:2.2.1:*:*:*:*:*:*:*
codesector direct_folders 4.0 cpe:2.3:a:codesector:direct_folders:4.0:*:*:*:*:*:*:*
codesector teracopy 3.8.5 cpe:2.3:a:codesector:teracopy:3.8.5:*:*:*:*:*:*:*
emeditor emeditor 21.3.0 cpe:2.3:a:emeditor:emeditor:21.3.0:*:*:*:*:*:*:*
flamory flamory 4.2.19.0 cpe:2.3:a:flamory:flamory:4.2.19.0:*:*:*:*:*:*:*
freesnippingtool free_snipping_tool 5.6.0.0 cpe:2.3:a:freesnippingtool:free_snipping_tool:5.6.0.0:*:*:*:*:*:*:*
fxsound fxsound 1.1.12.0 cpe:2.3:a:fxsound:fxsound:1.1.12.0:*:*:*:*:*:*:*
gainedge better_explorer 2020.3.15.1304 cpe:2.3:a:gainedge:better_explorer:2020.3.15.1304:*:*:*:*:*:*:*
gamecaster gamecaster 4.0.2109.2802 cpe:2.3:a:gamecaster:gamecaster:4.0.2109.2802:*:*:*:*:*:*:*
getmailbird mailbird 2.9.50.0 cpe:2.3:a:getmailbird:mailbird:2.9.50.0:*:*:*:*:*:*:*
guzogo guzogo 1.0.5.0 cpe:2.3:a:guzogo:guzogo:1.0.5.0:*:*:*:*:*:*:*
honeygain honeygain 0.10.7.0 cpe:2.3:a:honeygain:honeygain:0.10.7.0:*:*:*:*:windows:*:*
jki vi_package_manager 21.1.2754 cpe:2.3:a:jki:vi_package_manager:21.1.2754:*:*:*:*:*:*:*
jpsoft take_command 28.2.18 cpe:2.3:a:jpsoft:take_command:28.2.18:*:*:*:*:*:*:*
krylack archive_password_recovery 3.70.69 cpe:2.3:a:krylack:archive_password_recovery:3.70.69:*:*:*:*:*:*:*
krylack asterisks_password_decryptor 3.31.107 cpe:2.3:a:krylack:asterisks_password_decryptor:3.31.107:*:*:*:*:*:*:*
krylack burning_suite 1.20.05 cpe:2.3:a:krylack:burning_suite:1.20.05:*:*:*:*:*:*:*
krylack rar_password_recovery 3.70.69 cpe:2.3:a:krylack:rar_password_recovery:3.70.69:*:*:*:*:*:*:*
krylack volume_serial_number_editor 2.02.34 cpe:2.3:a:krylack:volume_serial_number_editor:2.02.34:*:*:*:*:*:*:*
krylack zip_password_recovery 3.70.69 cpe:2.3:a:krylack:zip_password_recovery:3.70.69:*:*:*:*:*:*:*
moonsoftware password_agent 20.10.1 cpe:2.3:a:moonsoftware:password_agent:20.10.1:*:*:*:*:*:*:*
nefarius scptoolkit 1.6.238.16010 cpe:2.3:a:nefarius:scptoolkit:1.6.238.16010:*:*:*:*:*:*:*
plagiarismcheckerx plagiarism_checker_x 8.0.6 cpe:2.3:a:plagiarismcheckerx:plagiarism_checker_x:8.0.6:*:*:*:*:*:*:*
prusa3d prusaslicer 2.4.2 cpe:2.3:a:prusa3d:prusaslicer:2.4.2:*:*:*:*:*:*:*
realdefense mycleanid 4.1.4 cpe:2.3:a:realdefense:mycleanid:4.1.4:*:*:*:*:*:*:*
realdefense mycleanpc 4.0.2 cpe:2.3:a:realdefense:mycleanpc:4.0.2:*:*:*:*:*:*:*
realdefense mypasslock 1.9.6 cpe:2.3:a:realdefense:mypasslock:1.9.6:*:*:*:*:*:*:*
rovio angry_birds_space 1.4.1 cpe:2.3:a:rovio:angry_birds_space:1.4.1:*:*:*:*:*:*:*
rovio bad_piggies 1.3.0 cpe:2.3:a:rovio:bad_piggies:1.3.0:*:*:*:*:*:*:*
synaptics displaylink_usb_graphics < 10.3.6400.0 cpe:2.3:a:synaptics:displaylink_usb_graphics:*:*:*:*:*:windows:*:*
urban-vpn urban_vpn 2.2.5 cpe:2.3:a:urban-vpn:urban_vpn:2.2.5:*:*:*:*:*:*:*
vigem vigembus_driver 1.16.116 cpe:2.3:a:vigem:vigembus_driver:1.16.116:*:*:*:*:*:*:*
vpnhood vpnhood 2.4.299 cpe:2.3:a:vpnhood:vpnhood:2.4.299:*:*:*:*:windows:*:*
vrdesktop virtual_desktop_streamer 1.20.16 cpe:2.3:a:vrdesktop:virtual_desktop_streamer:1.20.16:*:*:*:*:*:*:*
xsplit xsplit_express_video_editor 3.0.2001.801 cpe:2.3:a:xsplit:xsplit_express_video_editor:3.0.2001.801:*:*:*:*:*:*:*
rstinstruments vw0420_firmware 1.33.0 cpe:2.3:o:rstinstruments:vw0420_firmware:1.33.0:*:*:*:*:*:*:*
rstinstruments inclinalysis_digital_inclinometer 2.48.9 cpe:2.3:a:rstinstruments:inclinalysis_digital_inclinometer:2.48.9:*:*:*:*:*:*:*
rstinstruments ipi_utility 1.05.0 cpe:2.3:a:rstinstruments:ipi_utility:1.05.0:*:*:*:*:*:*:*
rstinstruments rstar_rtu_host 1.33.0 cpe:2.3:o:rstinstruments:rstar_rtu_host:1.33.0:*:*:*:*:*:*:*
rstinstruments dt2011_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2011_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2011b_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2011b_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2040_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2040_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2050_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2050_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2050b_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2050b_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2055b_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2055b_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2306_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2306_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2350_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2350_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt2485_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt2485_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dt4205_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dt4205_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dtsaa_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dtsaa_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments ic6560_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:ic6560_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments ic6660_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:ic6660_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments dtl201b\/2b_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:dtl201b\/2b_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments mtcm_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:mtcm_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments gaa2820_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:gaa2820_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments rtu_firmware 1.19.4.0 cpe:2.3:o:rstinstruments:rtu_firmware:1.19.4.0:*:*:*:*:*:*:*
rstinstruments mems_tilt_meter_firmware 1.20.1 cpe:2.3:o:rstinstruments:mems_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
rstinstruments portable_tilt_meter_firmware 1.20.1 cpe:2.3:o:rstinstruments:portable_tilt_meter_firmware:1.20.1:*:*:*:*:*:*:*
rstinstruments vw2106_firmware cpe:2.3:o:rstinstruments:vw2106_firmware:-:*:*:*:*:*:*:*
rstinstruments th2016_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:th2016_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments th2016b_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:th2016b_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments ma7_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:ma7_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments qb120_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:qb120_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments sg350_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:sg350_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments ir420_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:ir420_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments lp100_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:lp100_firmware:1.4.0.2:*:*:*:*:*:*:*
rstinstruments c109_firmware 1.4.0.2 cpe:2.3:o:rstinstruments:c109_firmware:1.4.0.2:*:*:*:*:*:*:*

References for CVE-2022-27438

cvelogic Threat Intelligence