#VU18081 Hidden functionality (backdoor) in ASUS Live Update
Vulnerability identifier: #VU18081
Vulnerability risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID:
CWE-ID:
CWE-912
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ASUS Live Update
Client/Desktop applications /
Software for system administration
Vendor: Asus
Description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note: this backdoor was implented as a result of ASUS servers compromise within the APT attack dubbed “Operation ShadowHammer”. The campaign ran from June to at least November 2018.
Mitigation
Install a new version of Asus Live Update from vendor's website and use antivirus software to detect and remove potential malware from your computers.
Vulnerable software versions
ASUS Live Update: All versions
External links
https://securelist.com/operation-shadowhammer/89992/
https://www.darkreading.com/attacks-breaches/attackers-compromise-asus-software-update-servers-to-di...
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
