|Number of vulnerabilities||1|
|Public exploit||This vulnerability is being exploited in the wild.|
ASUS Live Update
Client/Desktop applications / Software for system administration
This security bulletin contains one critical risk vulnerability.
CWE-912 - Hidden Functionality (Backdoor)
Exploit availability: NoDescription
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.Mitigation
Install a new version of Asus Live Update from vendor's website and use antivirus software to detect and remove potential malware from your computers.
ASUS Live Update: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?