Main Vulnerability Database Vulnerabilities #VU88961

#VU88961 Cleartext transmission of sensitive information in eScan

Published: April 24, 2024

Vulnerability identifier: #VU88961

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
eScan

Software vendor:
MicroWorld Technologies

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to software uses insecure communication channel within the software update functionality. A remote attacker with ability to intercept network traffic can perform MitM attack during software update and swap the update package with malicious files.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

#VU88961 Cleartext transmission of sensitive information in eScan

Description

Remediation

External links

Please verify you're human