#VU22384 Embedded malicious code (backdoor) in buffer-xos
Published: October 30, 2019
Vulnerability identifier: #VU22384
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
buffer-xos
buffer-xos
Software vendor:
Andre Eleuterio
Andre Eleuterio
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that was designed to target the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..