Backdoor in CCleaner

Published: 2017-09-18

Risk	Critical
Patch available	YES
Number of vulnerabilities	1
CVE-ID	N/A
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	This vulnerability is being exploited in the wild.
Vulnerable software	CCleaner Client/Desktop applications / Antivirus software/Personal firewalls
Vendor	Piriform Ltd.

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Backdoor

EUVDB-ID: #VU11316

Risk: Critical

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were shipped with a backdoor code from official vendor’s website. The incident was detected on September 12.

The malicious version was released on August 15. Users, who downloaded CCleaner between August 15 and September 12, are affected.

Mitigation

Update to version 5.33.6163.

Vulnerable software versions

CCleaner: 5.33.6162

CPE2.3

cpe:2.3:a:piriform:ccleaner:5.33.6162:*:*:*:*:*:*:*

External links

https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.