Backdoor in Asus Live Update

Published: 2019-03-26 | Updated: 2019-03-26
Severity: Critical
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CWE ID: CWE-912
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: ASUS Live Update
Vendor: Asus

Security Advisory

This security advisory describes one critical-risk vulnerability.

1) Hidden functionality (backdoor)

Severity: Critical

CVSSv3: 9.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]

CVE-ID: N/A

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists because hidden functionality (a backdoor) is present in the software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Note: this backdoor was implanted as a result of the compromise of ASUS servers during the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.

Mitigation

Install a new version of Asus Live Update from the vendor's website and use antivirus software to detect and remove potential malware from your computers.

Vulnerable software versions

ASUS Live Update: -


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.