#VU11316 Backdoor in CCleaner

Cybersecurity Help s.r.o.

Published: 2018-03-28 | Updated: 2018-11-22

Vulnerability identifier: #VU11316

Vulnerability risk: Critical

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CCleaner
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Piriform Ltd.

Description
CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were shipped with a backdoor code from official vendor’s website. The incident was detected on September 12.

The malicious version was released on August 15. Users, who downloaded CCleaner between August 15 and September 12, are affected.

Mitigation
Update to version 5.33.6163.

Vulnerable software versions

CCleaner: 5.33.6162

External links
https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Backdoor in CCleaner