Cyber Resilience

CVE-2022-3365

CriticalPublic PoC

Published: 28 January 2025

Published
28 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5260 98.0th percentile
Risk Priority 51 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-3365 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2022-3365 affects the Remote Mouse Server from Emote Interactive. The root cause is the product's use of a trivial substitution cipher transmitted in cleartext together with a default password that remains active when the user does not configure one. These weaknesses allow unauthenticated attackers to inject operating-system commands over the application's custom control protocol. The issue was confirmed in version 4.110, the current release at the time the CVE was reserved.

An attacker with network access can connect to the server, bypass the weak cipher and any default credentials, and execute arbitrary commands on the host. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting that no privileges or user interaction are required and that the impact spans confidentiality, integrity, and availability.

A Metasploit module implementing the attack was developed and tested against the affected version. The associated EPSS score has risen from a low baseline to a current value of 0.5260 with a recorded peak of 0.6029, indicating that exploitation interest increased after disclosure. No vendor advisory or patch information is provided in the available references.

EU & UK References

Vulnerability details

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject…

more

OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated command injection into a network-exposed server application, matching exploitation of public-facing apps for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-22347Shared CWE-327
CVE-2025-68702Shared CWE-327
CVE-2026-21718Shared CWE-327
CVE-2026-22585Shared CWE-327
CVE-2024-41763Shared CWE-327
CVE-2026-34950Shared CWE-327
CVE-2025-69929Shared CWE-327
CVE-2026-28252Shared CWE-327
CVE-2026-28479Shared CWE-327
CVE-2024-43178Shared CWE-327

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires protection of transmission confidentiality and integrity using approved cryptography, directly countering the cleartext transmission of a trivial substitution cipher.

prevent

Mandates changing default authenticators prior to first use and managing authenticator strength, preventing exploitation via the default password.

prevent

Enforces validation of information inputs to the custom control protocol, blocking OS command injection attempts.

References