Cisco has rolled out security updates to address a critical flaw in the ClamAV open source antivirus engine that could lead to remote code execution on vulnerable devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue is a remote code execution bug residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”
Successful exploitation of the weakness could allow an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
The networking equipment maker said the following products are vulnerable:
- Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, formerly Web Security Appliance
It further confirmed that the vulnerability does not affect the Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted. “An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”
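The DMG issue comes down to parser configuration: an XML parser that substitutes entities will happily expand a declared entity before the application ever sees the text, which is what makes external entity injection possible. The following is an added example, not ClamAV's code (ClamAV's DMG parser is written in C against libxml2; this uses Python's expat binding as a stand-in), showing the defensive posture the fix corresponds to: refuse any document that declares entities before a single reference can be expanded, and never fetch external parameter entities. The property-list shape of the sample input reflects the DMG format, which embeds an XML plist; the sample documents themselves are constructed for this example.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """Raised when the document declares any DTD entity."""


def extract_plist_strings(xml_data: bytes):
    """Return the text of every <string> element, refusing documents that declare
    entities so that no substitution (internal or external) can take place."""
    parser = xml.parsers.expat.ParserCreate()
    # Never read external parameter entities (an external DTD) from disk or network.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    strings = []
    buf = []
    in_string = False

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        # Fires for every <!ENTITY ...> in the internal subset, before any &name;
        # reference is expanded; raising here aborts the parse.
        raise EntityDeclarationRejected(f"entity declaration {name!r} rejected")

    def on_start(tag, attrs):
        nonlocal in_string
        if tag == "string":
            in_string = True
            buf.clear()

    def on_end(tag):
        nonlocal in_string
        if tag == "string":
            strings.append("".join(buf))
            in_string = False

    def on_chars(data):
        # Character data may arrive in several chunks; collect and join them.
        if in_string:
            buf.append(data)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    parser.Parse(xml_data, True)
    return strings


def is_safe_to_parse(xml_data: bytes) -> bool:
    """True if the document parses without declaring any entity."""
    try:
        extract_plist_strings(xml_data)
        return True
    except EntityDeclarationRejected:
        return False


# Constructed samples: a harmless property list, and one that declares an entity
# (an internal one with a placeholder value, so nothing outside this file is touched).
CLEAN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>name</key><string>hello</string></dict></plist>"""

ENTITY_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [ <!ENTITY leak "placeholder"> ]>
<plist version="1.0"><dict><key>name</key><string>&leak;</string></dict></plist>"""


if __name__ == "__main__":
    print("clean plist strings:", extract_plist_strings(CLEAN_PLIST))
    print("entity-declaring plist accepted:", is_safe_to_parse(ENTITY_PLIST))
```

Rejecting every entity declaration is stricter than merely disabling external entities, but for a scanner that only needs the plist's own text it is the simplest rule to audit: there is no configuration flag whose default can silently drift back to "substitute".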
It’s worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
Cisco separately also fixed a denial-of-service (DoS) vulnerability affecting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).
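Because three release branches are maintained in parallel, "am I patched?" is a per-branch comparison rather than a single version threshold: 0.105.1 is affected even though it is numerically above 0.103.8. The following added example (not from the article or from ClamAV) turns the affected and fixed versions stated above into a check that can be run over the banner `clamscan --version` prints or the reply to clamd's `VERSION` command. The handling of branches the advisory does not list (0.104 treated as affected, anything newer than 1.0 treated as released after the fix) is this example's assumption, not a statement from the advisory; the sample banners are constructed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release on each maintained branch, as listed in the advisory.
FIXED_RELEASES = {
    (0, 103): (0, 103, 8),
    (0, 105): (0, 105, 2),
    (1, 0): (1, 0, 1),
}

# `clamscan --version` prints e.g. "ClamAV 0.105.1/26813/Thu Feb 16 08:41:24 2023";
# clamd's VERSION command answers in the same shape.
VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")


def parse_clamav_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a ClamAV version banner, or None."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if this version predates the fix for CVE-2023-20032 / CVE-2023-20052."""
    branch = version[:2]
    fixed = FIXED_RELEASES.get(branch)
    if fixed is not None:
        # Same branch: tuple comparison orders (major, minor, patch) correctly.
        return version < fixed
    # Assumption (not from the advisory): branches newer than 1.0 were cut after
    # the fix; older branches with no fixed release listed are treated as affected.
    return branch < (1, 0)


def assess_banner(banner: str) -> str:
    """Classify a version banner as 'affected', 'fixed' or 'unknown'."""
    version = parse_clamav_version(banner)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, one per branch named in the advisory.
    for banner in (
        "ClamAV 0.103.7/26813/Thu Feb 16 08:41:24 2023",
        "ClamAV 0.105.2/26813/Thu Feb 16 08:41:24 2023",
        "ClamAV 1.0.0/26813/Thu Feb 16 08:41:24 2023",
    ):
        print(banner.split("/")[0], "->", assess_banner(banner))
```

In an inventory sweep, feed each host's banner to `assess_banner` and treat `"unknown"` as a finding in its own right: a scanner that does not answer with a recognisable version string needs a manual look, not a pass.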
Parts of this article are sourced from:
thehackernews.com