Potential Exposure to BPFDoor (Local Check - Linux)

critical Nessus Plugin ID 161476

Synopsis

Detects potential IOCs for BPFDoor

Description

There are one or more indicators that this system has run BPFDoor, a backdoor payload for Linux that is often deployed by malware to gain re-entry to a device.

It is recommended that the results are manually verified and appropriate remediation actions taken.

Note that Nessus has not tested for this issue but has instead looked for traces typically left by the backdoor.

See Also

http://www.nessus.org/u?2397d919

Plugin Details

Severity: Critical

ID: 161476

File Name: bpfdoor_local_detect.nbin

Version: 1.123

Type: local

Agent: unix

Family: Backdoors

Published: 5/24/2022

Updated: 5/20/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: The system is suspected as being infected by malware.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/Linux