CVE-2022-3365
📋 TL;DR
CVE-2022-3365 allows remote attackers to execute arbitrary operating system commands on systems running Remote Mouse Server due to weak encryption and default credentials. This affects users of Remote Mouse Server who haven't changed default settings or set passwords. Attackers can fully compromise vulnerable systems.
💻 Affected Systems
- Remote Mouse Server by Emote Interactive
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with administrative privileges, data theft, ransomware deployment, and lateral movement within networks.
Likely Case
Remote code execution leading to malware installation, data exfiltration, and persistent backdoor access.
If Mitigated
Limited impact if proper network segmentation, strong passwords, and updated versions are in place.
🎯 Exploit Status
Metasploit module available (PR #17067). Attack requires network access to Remote Mouse Server port (default 1978).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not publicly available
Restart Required: No
Instructions:
1. Check for updated version from Emote Interactive.
2. If update unavailable, implement workarounds.
3. Monitor vendor communications for patches.
🔧 Temporary Workarounds
Disable Remote Mouse Server
Linux: Completely remove or disable the vulnerable service
sudo systemctl stop remote-mouse-server
sudo systemctl disable remote-mouse-server
Block Network Access
Linux: Use firewall to block inbound connections to Remote Mouse Server port
sudo ufw deny 1978
sudo iptables -A INPUT -p tcp --dport 1978 -j DROP
Set Strong Password
All platforms: Change from default password to complex, unique password
🧯 If You Can't Patch
- Segment network to isolate Remote Mouse Server from critical systems
- Implement strict firewall rules allowing only trusted IP addresses to connect
🔍 How to Verify
Check if Vulnerable:
Check if Remote Mouse Server version is 4.110 or earlier and running on default port 1978
Check Version:
Check application interface or installation directory for version information
Verify Fix Applied:
Verify service is disabled or updated to version after 4.110
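One way to check the "running on default port 1978" condition on a Linux host, as an added example that is not from the vendor or the original page: the function below filters `ss -H -ltn` output for TCP listeners on port 1978 that are not bound to loopback. The function names and the sample lines are constructed for illustration, and only TCP is examined, matching the firewall rule shown above.

```shell
#!/bin/sh
# Added example: list non-loopback TCP listeners on the Remote Mouse port.
# Input: lines in the format printed by `ss -H -ltn`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

RM_PORT=1978   # default port named on this page

# Print each local address that listens on port $1 (default 1978) and is
# reachable from other hosts, i.e. anything not bound to loopback.
exposed_listeners() {
    awk -v port="${1:-$RM_PORT}" '
        $1 != "LISTEN" { next }
        {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # The address is everything before the final ":port".
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)   # strip IPv6 brackets
            sub(/%.*$/, "", addr)       # strip interface scope (e.g. %eth0)
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:1978 0.0.0.0:*
LISTEN 0 5 0.0.0.0:1978 0.0.0.0:*
LISTEN 0 5 [::]:1978 [::]:*
LISTEN 0 5 192.0.2.10:11978 0.0.0.0:*
EOF
}

# Live use on a host: ss -H -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

Empty output means nothing on the host accepts TCP connections to port 1978 from other machines; any printed address is a bind that the firewall or allowlist rules need to cover.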
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from Remote Mouse Server
- Failed authentication attempts on port 1978
- Suspicious network connections to port 1978
Network Indicators:
- Unusual traffic patterns to port 1978
- Command injection patterns in network traffic
- Metasploit exploit traffic signatures
SIEM Query:
source_port:1978 AND (event_type:process_creation OR event_type:command_injection)