Embedded malicious code (backdoor) in 8.9.4 - #VU23342
Published: October 2, 2019 / Updated: December 3, 2019
Vulnerability identifier: #VU23342
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
8.9.4
8.9.4
Software vendor:
Andre Eleuterio
Andre Eleuterio
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor). The code has limited functionality and there is no evidence of further compromise.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..