Potential Exposure to BPFDoor (Local Check - Linux)

critical Nessus Plugin ID 161476


Detects potential IOCs for BPFDoor


There are one or more indicators that this system has run BPFDoor, a backdoor payload for Linux that is often deployed by malware to gain re-entry to a device.

It is recommended that the results are manually verified and appropriate remediation actions taken.

Note that Nessus has not tested for this issue but has instead looked for traces typically left by the backdoor.

See Also


Plugin Details

Severity: Critical

ID: 161476

File Name: bpfdoor_local_detect.nbin

Version: 1.123

Type: local

Agent: unix

Family: Backdoors

Published: 5/24/2022

Updated: 5/20/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: The system is suspected as being infected by malware.


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual


Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/Linux