Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software
Cisco has rolled out protection updates to tackle a important flaw claimed in the ClamAV open up supply antivirus engine that could lead to distant code execution on prone units.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the challenge relates to a case of distant code execution residing in the HFS+ file parser element.
The flaw impacts versions 1.. and previously, .105.1 and earlier, and .103.7 and previously. Google security engineer Simon Scannell has been credited with exploring and reporting the bug.
“This vulnerability is owing to a lacking buffer size verify that may well consequence in a heap buffer overflow write,” Cisco Talos stated in an advisory. “An attacker could exploit this vulnerability by publishing a crafted HFS+ partition file to be scanned by ClamAV on an impacted system.”
Prosperous exploitation of the weak point could empower an adversary to run arbitrary code with the exact same privileges as that of the ClamAV scanning process, or crash the method, ensuing in a denial-of-service (DoS) situation.
The networking tools reported the following items are susceptible –
- Protected Endpoint, formerly Innovative Malware Security (AMP) for Endpoints (Home windows, macOS, and Linux)
- Secure Endpoint Non-public Cloud, and
- Secure Web Equipment, previously World wide web Stability Equipment
It more verified that the vulnerability does not effects Protected Electronic mail Gateway (previously E mail Security Equipment) and Safe Electronic mail and Web Manager (formerly Protection Administration Equipment) goods.
Also patched by Cisco is a distant data leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052, CVSS rating: 5.3) that could be exploited by an unauthenticated, remote attacker.
“This vulnerability is because of to enabling XML entity substitution that may perhaps outcome in XML external entity injection,” Cisco observed. “An attacker could exploit this vulnerability by distributing a crafted DMG file to be scanned by ClamAV on an influenced system.”
It really is truly worth pointing out that CVE-2023-20052 does not impact Cisco Safe Website Equipment. That mentioned, each vulnerabilities have been dealt with in ClamAV variations .103.8, .105.2, and 1..1.
Cisco independently also settled a denial-of-support (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS rating: 7.5) and two other privilege escalation and command injection flaws in E-mail Protection Equipment (ESA) and Secure E mail and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).