GuptiMiner
Vulnerability details
Advisory: SB2024042410 - MitM attack in MicroWorld Technologies eScan
Vulnerable component: eScan
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information
Description:
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to software uses insecure communication channel within the software update functionality. A remote attacker with ability to intercept network traffic can perform MitM attack during software update and swap the update package with malicious files.
Note, the vulnerability is being actively exploited in the wild.
External links:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/