CVE-2022-3365
Published: 28 January 2025
Summary
CVE-2022-3365 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 2.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2022-3365 affects the Remote Mouse Server from Emote Interactive. The root cause is the product's use of a trivial substitution cipher transmitted in cleartext together with a default password that remains active when the user does not configure one. These weaknesses allow unauthenticated attackers to inject operating-system commands over the application's custom control protocol. The issue was confirmed in version 4.110, the current release at the time the CVE was reserved.
An attacker with network access can connect to the server, bypass the weak cipher and any default credentials, and execute arbitrary commands on the host. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting that no privileges or user interaction are required and that the impact spans confidentiality, integrity, and availability.
A Metasploit module implementing the attack was developed and tested against the affected version. The associated EPSS score has risen from a low baseline to a current value of 0.5260 with a recorded peak of 0.6029, indicating that exploitation interest increased after disclosure. No vendor advisory or patch information is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42745
Vulnerability details
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Direct remote unauthenticated command injection into a network-exposed server application, matching exploitation of public-facing apps for RCE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires protection of transmission confidentiality and integrity using approved cryptography, directly countering the cleartext transmission of a trivial substitution cipher.
Mandates changing default authenticators prior to first use and managing authenticator strength, preventing exploitation via the default password.
Enforces validation of information inputs to the custom control protocol, blocking OS command injection attempts.