The Cyber Security News
Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software

February 17, 2023

Cisco has rolled out security updates to address a critical flaw in the ClamAV open-source antivirus engine that could lead to remote code execution on vulnerable devices.

Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue is a remote code execution vulnerability residing in the HFS+ file parser component.

The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.


“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”

Successful exploitation of the weakness could allow an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
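The root cause Talos describes, a length taken from the scanned file and used without checking it against the destination buffer, is a classic file-parser defect. The following is an added illustration written for this article, not ClamAV's HFS+ parser or any Cisco code: it parses a hypothetical length-prefixed name record (the record layout, the `NAME_BUF_SIZE` constant and all function names are assumptions) and shows the two checks a parser needs before copying, one against the remaining input and one against the destination capacity. Dropping the second check is the "missing buffer size check" pattern behind a heap buffer overflow write.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical on-disk record used for this illustration (not ClamAV's
 * format): a big-endian 16-bit length followed by that many name bytes.
 * HFS+ structures are big-endian, so the sample keeps that convention. */
#define NAME_BUF_SIZE 32

enum parse_result {
    PARSE_OK = 0,
    PARSE_TRUNCATED = 1,   /* length field claims more bytes than the input holds */
    PARSE_TOO_LONG = 2     /* length field exceeds the destination buffer */
};

static uint16_t read_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hardened parse: the untrusted length is validated against both the
 * remaining input and the destination capacity before any byte is copied.
 * Omitting the out_cap check would let a crafted file drive memcpy past the
 * end of a fixed-size heap buffer; omitting the in_len check would read
 * past the end of the mapped file. */
enum parse_result parse_name_record(const uint8_t *in, size_t in_len,
                                    char *out, size_t out_cap, size_t *consumed)
{
    if (in_len < 2)
        return PARSE_TRUNCATED;
    uint16_t name_len = read_be16(in);
    if (name_len > in_len - 2)
        return PARSE_TRUNCATED;
    if (name_len >= out_cap)           /* keep room for the terminator */
        return PARSE_TOO_LONG;
    memcpy(out, in + 2, name_len);
    out[name_len] = '\0';
    if (consumed)
        *consumed = 2 + (size_t)name_len;
    return PARSE_OK;
}

/* Constructed sample inputs for the three cases a parser must handle. */
static const uint8_t good_record[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t truncated_record[] = { 0x00, 0x10, 'a', 'b', 'c' }; /* claims 16, holds 3 */

enum parse_result check_good(char *name_out)
{
    return parse_name_record(good_record, sizeof good_record,
                             name_out, NAME_BUF_SIZE, NULL);
}

enum parse_result check_truncated(void)
{
    char buf[NAME_BUF_SIZE];
    return parse_name_record(truncated_record, sizeof truncated_record,
                             buf, sizeof buf, NULL);
}

/* A record whose length is fully present in the input but larger than the
 * destination: the case a missing buffer size check would turn into an
 * out-of-bounds write. */
enum parse_result check_oversized(void)
{
    uint8_t rec[2 + 64];
    rec[0] = 0x00;
    rec[1] = 64;
    memset(rec + 2, 'A', 64);
    char buf[NAME_BUF_SIZE];
    return parse_name_record(rec, sizeof rec, buf, sizeof buf, NULL);
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    printf("good:      %d (name=%s)\n", check_good(name), name);
    printf("truncated: %d\n", check_truncated());
    printf("oversized: %d\n", check_oversized());
    return 0;
}
```

The point of the example is that a parser for untrusted files rejects a record as soon as its length field disagrees with either the input or the destination; it never sizes a copy from the file's own claim alone. Fuzzing a parser with records like `truncated_record` and the oversized case is how defects of this kind are typically found before release.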

The networking equipment maker said the following products are vulnerable:

  • Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
  • Secure Endpoint Private Cloud, and
  • Secure Web Appliance, formerly Web Security Appliance

It further confirmed that the vulnerability does not affect the Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.

Also patched by Cisco is a remote information leak vulnerability in ClamAV's DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.

“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted. “An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”

It's worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.

Cisco separately also fixed a denial-of-service (DoS) vulnerability affecting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).



Parts of this article are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.