practically Cisco fastened important RCE bug in ClamAV Open-Supply Antivirus engineSecurity Affairs will lid the most recent and most present data practically the world. acquire entry to slowly consequently you comprehend with ease and accurately. will accumulation your information easily and reliably
Cisco has addressed a important vulnerability within the open supply ClamAV antivirus engine that may result in distant code execution on susceptible gadgets.
Cisco fastened a important flaw, tracked as CVE-2023-20032 (CVSS rating: 9.8), within the open supply ClamAV antivirus engine. The vulnerability resides within the HFS+ file scanner element, an attacker can set off the difficulty to realize distant code execution on susceptible gadgets or set off a DoS situation.
Registered as CVE-2023-20032 (CVSS rating: 9.8), the difficulty pertains to a distant code execution occasion residing within the HFS+ file parser.
The vulnerability impacts variations 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. The corporate credited Google’s Simon Scannell for reporting this challenge.
The vulnerability is a buffer overflow challenge that impacts the ClamAV scanning library, because of a scarcity of buffer measurement checking.
“This vulnerability is as a result of lack of a buffer measurement examine which may end up in a heap buffer overflow write. An attacker may exploit this vulnerability by sending an HFS+ partition file designed for ClamAV to scan on an affected machine.” learn the advisory printed by Cisco. “A profitable exploit may permit the attacker to execute arbitrary code with the privileges of the ClamAV scanning course of, or crash the method, which might lead to a denial of service (DoS) situation.”
The vulnerability impacts the next merchandise:
| cisco product | cisco bug id | Fastened model availability |
|---|---|---|
| Safe Endpoint, previously Superior Malware Safety (AMP) for Endpoints, for Linux | CSCwd74133 | 1.20.21 |
| Safe Endpoint, previously Superior Malware Safety (AMP) for Endpoints, for MacOS | CSCwd74134 | 1.21.11 |
| Safe Endpoint, previously Superior Malware Safety (AMP) for Endpoints, for Home windows | CSCwd74135 | 7.5.9 1 8.1.5 |
| Safe non-public cloud for endpoints | CSCwe18204 | 3.6.0 or later with up to date connectors2 |
| Safe Net Equipment, previously Net Safety Equipment | CSCwd74132 | 14.0.4-005 15.0.0-254 |
Safe Electronic mail Gateway, previously the Electronic mail Safety Equipment, and Safe Electronic mail and Net Supervisor, previously the Safety Administration Equipment, will not be affected.
The IT big says that there is no such thing as a repair for this vulnerability, the excellent news is that the corporate’s Product Safety Incident Response Crew (PSIRT) just isn’t conscious of any assaults within the wild that exploit this vulnerability.
Cisco additionally addressed one other vulnerability, tracked as CVE-2023-20052, within the ClamAV engine. The flaw is a attainable distant data leak vulnerability within the DMG file parser.
The vulnerability impacts variations 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
“This vulnerability is because of enabling XML entity substitution which may end up in the injection of exterior XML entities. An attacker may exploit this vulnerability by sending a DMG file designed to be scanned by ClamAV on an affected machine.” learn the discover. “A profitable exploit may permit the attacker to leak bytes from any recordsdata that the ClamAV scanning course of can learn.”
Comply with me on twitter: @safetyissues and Fb and Mastodon
Pierluigi Paganini
(Safety Points – hacking, ClamAV)
share on
I want the article about Cisco fastened important RCE bug in ClamAV Open-Supply Antivirus engineSecurity Affairs provides notion to you and is helpful for including collectively to your information
Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engineSecurity Affairs
