#VU18081 Hidden functionality (backdoor) in ASUS Live Update
Vulnerability identifier: #VU18081
Vulnerability risk: Critical
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-912
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ASUS Live Update
Client/Desktop applications /
Software for system administration
Vendor: Asus
Description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.
Mitigation
Install a new version of Asus Live Update from vendor's website and use antivirus software to detect and remove potential malware from your computers.
Vulnerable software versions
ASUS Live Update: All versions
External links
http://securelist.com/operation-shadowhammer/89992/
http://www.darkreading.com/attacks-breaches/attackers-compromise-asus-software-update-servers-to-di...
http://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
