CVE-2022-43543

Published: Dic 21, 2022 Last Modified: Apr 16, 2025 EU-VD ID: EUVD-2022-46541 Aliases: GSD-2022-43543

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0032

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

116

Improper Encoding or Escaping of Output

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Modify Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Database Server, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

Application

\+ Message by Softbank

Product Information

Vendor Softbank

Product \+ Message

Version Range Affected

To 3.9.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:softbank:\+_message:*:*:*:*:*:iphone_os:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

\+ Message by Softbank

Product Information

Vendor Softbank

Product \+ Message

Version Range Affected

To 12.9.5 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:softbank:\+_message:*:*:*:*:*:android:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

\+ Message by Docomo

Product Information

Vendor Docomo

Product \+ Message

Version Range Affected

To 3.9.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:docomo:\+_message:*:*:*:*:*:iphone_os:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

\+ Message by Kddi

Product Information

Vendor Kddi

Product \+ Message

Version Range Affected

To 3.9.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:kddi:\+_message:*:*:*:*:*:android:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

\+ Message by Kddi

Product Information

Vendor Kddi

Product \+ Message

Version Range Affected

To 3.9.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:kddi:\+_message:*:*:*:*:*:iphone_os:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

\+ Message by Docomo

Product Information

Vendor Docomo

Product \+ Message

Version Range Affected

To 54.49.0500 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:docomo:\+_message:*:*:*:*:*:android:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://jvn.jp/en/jp/JVN43561812/index.html

Third Party Advisory

https://jvn.jp/en/jp/JVN43561812/index.html

https://www.au.com/mobile/service/plus-message/information/

Vendor Advisory

https://www.au.com/mobile/service/plus-message/information/

https://www.docomo.ne.jp/service/plus_message/

Vendor Advisory

https://www.docomo.ne.jp/service/plus_message/

https://www.softbank.jp/mobile/service/plus-message/

Vendor Advisory

https://www.softbank.jp/mobile/service/plus-message/

https://jvn.jp/en/jp/JVN43561812/index.html

Third Party Advisory

https://jvn.jp/en/jp/JVN43561812/index.html

https://www.au.com/mobile/service/plus-message/information/

Vendor Advisory

https://www.au.com/mobile/service/plus-message/information/

https://www.docomo.ne.jp/service/plus_message/

Vendor Advisory

https://www.docomo.ne.jp/service/plus_message/

https://www.softbank.jp/mobile/service/plus-message/

Vendor Advisory

https://www.softbank.jp/mobile/service/plus-message/

CVE-2022-43543

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Encoding or Escaping of Output

Common Consequences

Applicable Platforms

\+ Message by Softbank

Product Information

\+ Message by Softbank

Product Information

\+ Message by Docomo

Product Information

\+ Message by Kddi

Product Information

\+ Message by Kddi

Product Information

\+ Message by Docomo

Product Information

Iscriviti alla newsletter