Backdoor in Asus Live Update
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-912 |
| Exploitation vector | Network |
| Public exploit | This vulnerability is being exploited in the wild. |
| Vulnerable software Subscribe |
ASUS Live Update Client/Desktop applications / Software for system administration |
| Vendor | Asus |
Security Bulletin
This security bulletin contains one critical risk vulnerability.
1) Hidden functionality (backdoor)
EUVDB-ID: #VU18081
Risk: Critical
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-912 - Hidden Functionality (Backdoor)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.
MitigationInstall a new version of Asus Live Update from vendor's website and use antivirus software to detect and remove potential malware from your computers.
ASUS Live Update: All versions
CPE2.3 External links
http://securelist.com/operation-shadowhammer/89992/
http://www.darkreading.com/attacks-breaches/attackers-compromise-asus-software-update-servers-to-di...
http://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-...
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
