cbcvebase.
CVE-2022-3365
published 2025-01-28


Priority P269 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.04% (78.8th percentile)
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

Affected

1 range
Vendor | Product | Version range | Fixed in
emote_interactive | remote_mouse_server | <= 4.110 |

Detection & IOCs (extracted from sources)

version: Remote Mouse Server < 4.200
other: Metasploit module: exploits/windows/misc/remote_mouse_rce
  • The exploit only succeeds when the Remote Mouse Server is configured with no password (default state). Alert on Remote Mouse Server instances reachable without authentication.
  • A '500' server response code in the Remote Mouse Server protocol indicates a version >= 4.200 (patched). Absence of this response on exploit attempts indicates a vulnerable, unpatched host.
  • The protocol uses a trivial substitution cipher. Hunt for network traffic characteristic of this weak obfuscation scheme on Remote Mouse Server listening ports as an indicator of exploitation attempts.
  • Exploitation is only possible when the Remote Mouse Server is running with no user-configured password (the default). Instances with a non-default password set are not exploitable via this module.
  • The vulnerability affects Remote Mouse Server versions prior to 4.200. Version 4.110 was confirmed vulnerable and was the current release at time of CVE reservation.