In the first week of October 2018, we received a bug submission which was related to MWAgent. The researcher also provided us with the Proof of Concept to trigger the vulnerability. The vulnerability allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
Affected Application: MWAgent.exe (4.0.2.98)
Location (x86 systems): C:\Program Files\Common Files\MicroWorld\Agent
Attack Type: Remote
Vulnerability Type: Incorrect Access Control
CVE Assigned: CVE-2018-18388
Time-Line
Vulnerability Submission: 1st October 2018
Work-Around Deployment: Second Week of October 2018
Final Patch: 12th November 2018
After the deployment of work-around globally, we are continuously monitoring for any incidents which may try to exploit the said vulnerability. Furthermore, after thoroughly testing the final patch, we have released it through global updates for automated patching of the affected application.
Essential Details of the Final Patch
The details of the updated MWAgent.exe which was rolled out on 12th Nov. 2018
FileName : C:\Program Files\Common Files\MicroWorld\Agent\mwagent.exe
FileVersion: 4.0.2.108
ProdVersion: 4.0.2.108
Description: eScan Agent Application
CompanyName: MicroWorld Technologies Inc.
ProductName: eScan for Windows
InternName : Agent
FileSize : 1667192
MD5-Hash : 6621764218fe361ba7034fab0c75659c
Users may use this information to verify the successful deployment of the patch for CVE-2018-18388.
