Backdoor in CCleaner - #VU11316

 


Published: March 28, 2018 / Updated: November 22, 2018


Vulnerability identifier: #VU11316
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Piriform Ltd.
Affected software:
CCleaner

Detailed vulnerability description

CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were shipped with backdoor code from the vendor's official website. The incident was detected on September 12.

The malicious version was released on August 15. Users who downloaded CCleaner between August 15 and September 12 are affected.


Remediation

Update to version 5.33.6163.
