#VU22387 Embedded malicious code (backdoor) in buffer-xo2
Published: October 30, 2019
Vulnerability identifier: #VU22387
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
buffer-xo2
buffer-xo2
Software vendor:
Andre Eleuterio
Andre Eleuterio
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that was designed to target the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..