Cisco has rolled out security updates to address a critical flaw in the ClamAV open source antivirus engine that could lead to remote code execution on vulnerable devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue is a remote code execution vulnerability residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”
Successful exploitation of the weakness could allow an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
The networking equipment maker said the following products are vulnerable –
- Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, formerly Web Security Appliance
It further confirmed that the vulnerability does not affect Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV's DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted. “An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”
It's worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
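Because the fix landed in three separate branches, a plain "is it below 1.0.1?" comparison would misclassify 0.103.8 and 0.105.2 as vulnerable. The following added example (not Cisco's or the ClamAV project's code) applies the affected and fixed versions quoted in this article per branch; it assumes the `clamscan --version` banner format `ClamAV <engine>/<db-version>/<db-date>`, and the sample banners are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_IN = {
    (0, 103): (0, 103, 8),
    (0, 105): (0, 105, 2),
    (1, 0): (1, 0, 1),
}
# Newest affected release per the advisory ("1.0.0 and earlier").
LAST_AFFECTED = (1, 0, 0)

# Assumed banner layout: "ClamAV <engine-version>/<db-version>/<db-date>"
VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")


def parse_clamav_version(banner: str) -> tuple:
    """Extract the (major, minor, patch) engine version from a banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no ClamAV version in: {banner!r}")
    return tuple(int(x) for x in m.groups())


def assess(version: tuple) -> str:
    """Classify an engine version against CVE-2023-20032 / CVE-2023-20052.

    'fixed'             - at or above the fixed release for its branch
    'vulnerable'        - affected, and a fixed release exists in the branch
    'vulnerable-no-fix' - affected branch with no fixed release in the advisory
    """
    if version > LAST_AFFECTED:          # newer than any affected release
        return "fixed"
    fixed = FIXED_IN.get(version[:2])    # look up the branch's fixed release
    if fixed is None:                    # e.g. a 0.104.x install
        return "vulnerable-no-fix"
    return "fixed" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, one per host, as a fleet inventory might hold.
    inventory = {
        "av-gw-01": "ClamAV 0.103.7/26820/Thu Feb 16 08:28:01 2023",
        "av-gw-02": "ClamAV 0.105.2/26820/Thu Feb 16 08:28:01 2023",
        "av-gw-03": "ClamAV 0.104.4/26820/Thu Feb 16 08:28:01 2023",
        "av-gw-04": "ClamAV 1.0.0/26820/Thu Feb 16 08:28:01 2023",
    }
    for host, banner in inventory.items():
        print(host, assess(parse_clamav_version(banner)))
```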
Cisco separately also fixed a denial-of-service (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).