CVE-2022-46387

ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e	Third Party Advisory
https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md	Release Notes
https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e	Third Party Advisory
https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:cmder:cmder:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:maximus5:conemu:*:*:*:*:*:*:*:*

History

19 Feb 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-116

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e - Third Party Advisory~~	() https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e - Third Party Advisory
References	~~() https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md - Release Notes~~	() https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md - Release Notes

28 Mar 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-28 20:15

Updated : 2025-02-19 19:15

NVD link : CVE-2022-46387

Mitre link : CVE-2022-46387

CVE.ORG link : CVE-2022-46387

JSON object : View

Products Affected

maximus5

conemu

cmder

cmder

CWE

NVD-CWE-noinfo CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2022-46387", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-03-28T20:15:10.940", "references": [{"url": "https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands."}], "lastModified": "2025-02-19T19:15:11.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cmder:cmder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FC90BDE-5692-47F6-9E5E-7E56138BB819", "versionEndExcluding": "1.3.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maximus5:conemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43CF9C8A-DC56-48B5-BABC-E5950ED9E576", "versionEndIncluding": "22.08.07"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}