#VU22390 Embedded malicious code (backdoor) in buffer-xkr
Published: October 30, 2019
Vulnerability identifier: #VU22390
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
buffer-xkr
buffer-xkr
Software vendor:
Andre Eleuterio
Andre Eleuterio
Description
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that was designed to target the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..