Backdoor.Win32.Autocrat.b Service Port 8536 hard-coded credentials

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.Autocrat.b. Affected by this issue is some unknown functionality of the component Service Port 8536. The manipulation leads to hard-coded credentials. Using CWE to declare the problem leads to CWE-798. The weakness was released 11/25/2022 as MVID-2022-0660. The advisory is available at malvuln.com. The attack may be launched remotely. There are no technical details available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1110.001 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is available at malvuln.com. As 0-day the estimated underground price was around $0-$5k. It is recommended to apply restrictive firewalling. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

123

Field

exploit_price_0day1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1
vulnerability_cvss3_vuldb_tempscore1
vulnerability_cvss3_vuldb_basescore1

Commit Conf

90%32
50%9

Approve Conf

90%32
80%9
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1330804211/25/2022VulD...price_0day$0-$5ksee exploit price documentation11/25/2022accepted
90
1330804111/25/2022VulD...cvss3_meta_tempscore6.4see CVSS documentation11/25/2022accepted
90
1330804011/25/2022VulD...cvss3_meta_basescore7.3see CVSS documentation11/25/2022accepted
90
1330803911/25/2022VulD...cvss3_vuldb_tempscore6.4see CVSS documentation11/25/2022accepted
90
1330803811/25/2022VulD...cvss3_vuldb_basescore7.3see CVSS documentation11/25/2022accepted
90
1330803711/25/2022VulD...cvss2_vuldb_tempscore6.1see CVSS documentation11/25/2022accepted
90
1330803611/25/2022VulD...cvss2_vuldb_basescore7.5see CVSS documentation11/25/2022accepted
90
1330803511/25/2022VulD...cvss2_vuldb_rlWderived from vuldb v3 vector11/25/2022accepted
80
1330803411/25/2022VulD...cvss2_vuldb_rcURderived from vuldb v3 vector11/25/2022accepted
80
1330803311/25/2022VulD...cvss2_vuldb_ePOCderived from vuldb v3 vector11/25/2022accepted
80
1330803211/25/2022VulD...cvss2_vuldb_aiPderived from vuldb v3 vector11/25/2022accepted
80
1330803111/25/2022VulD...cvss2_vuldb_iiPderived from vuldb v3 vector11/25/2022accepted
80
1330803011/25/2022VulD...cvss2_vuldb_ciPderived from vuldb v3 vector11/25/2022accepted
80
1330802911/25/2022VulD...cvss2_vuldb_auNderived from vuldb v3 vector11/25/2022accepted
80
1330802811/25/2022VulD...cvss2_vuldb_acLderived from vuldb v3 vector11/25/2022accepted
80
1330802711/25/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector11/25/2022accepted
80
1330802611/25/2022VulD...typeRemote Access Software11/25/2022accepted
90
1330802511/25/2022VulD...date1669330800 (11/25/2022)11/25/2022accepted
90
1330802411/25/2022VulD...nocve111/25/2022accepted
90
1330802311/25/2022VulD...responsibleVulDB11/25/2022accepted
90

21 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 21 results.

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!