Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on vulnerable devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
"This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," Cisco Talos said in an advisory. "An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device."
Successful exploitation of the weakness could enable an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
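The bug class Cisco describes, a length field taken from the file being scanned and used for a copy without checking it against the destination buffer, is easier to recognise with a minimal parser beside its fixed form. The following C is an added illustration and is not ClamAV's HFS+ code; the record layout (a 2-byte big-endian length followed by payload) and the 16-byte capacity are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record layout (constructed for this example, not the real
 * HFS+ on-disk format): a 2-byte big-endian length followed by that many
 * bytes of payload. The parser copies the payload into a fixed-size heap
 * buffer of PAYLOAD_CAP bytes. */
#define PAYLOAD_CAP 16

typedef struct {
    unsigned char *data;   /* untrusted bytes from the file being scanned */
    size_t len;            /* number of bytes actually available */
} blob_t;

/* Read a 16-bit big-endian value from an untrusted buffer. */
static uint16_t read_be16(const unsigned char *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Missing-check pattern: the declared length is trusted and used for the copy.
 * A length larger than PAYLOAD_CAP is a heap buffer overflow write; a length
 * larger than the input is an over-read. Kept only for contrast, never called. */
int parse_record_unchecked(const blob_t *in, unsigned char **out) {
    if (in->len < 2) return -1;
    uint16_t n = read_be16(in->data);
    unsigned char *buf = malloc(PAYLOAD_CAP);
    if (!buf) return -1;
    memcpy(buf, in->data + 2, n);           /* n never compared to PAYLOAD_CAP or in->len */
    *out = buf;
    return (int)n;
}

/* Hardened pattern: validate the declared length against both the destination
 * capacity and the bytes actually present before any copy happens. */
int parse_record_checked(const blob_t *in, unsigned char **out) {
    *out = NULL;
    if (in->len < 2) return -1;              /* too short to hold a length field */
    uint16_t n = read_be16(in->data);
    if (n > PAYLOAD_CAP) return -2;          /* would overflow the heap buffer */
    if ((size_t)n > in->len - 2) return -3;  /* declared length exceeds input */
    unsigned char *buf = malloc(PAYLOAD_CAP);
    if (!buf) return -1;
    memcpy(buf, in->data + 2, n);
    *out = buf;
    return (int)n;
}

/* Constructed inputs exercising the three paths of the hardened parser. */
int check_valid_record(void) {
    unsigned char raw[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    blob_t in = { raw, sizeof raw };
    unsigned char *out = NULL;
    int r = parse_record_checked(&in, &out);
    int ok = (r == 5 && out != NULL && memcmp(out, "hello", 5) == 0);
    free(out);
    return ok;
}

int check_oversized_length(void) {
    /* Declared length 0x0100 = 256 bytes, far beyond PAYLOAD_CAP. */
    unsigned char raw[] = {0x01, 0x00, 'x', 'x', 'x'};
    blob_t in = { raw, sizeof raw };
    unsigned char *out = NULL;
    int r = parse_record_checked(&in, &out);
    return r == -2 && out == NULL;
}

int check_truncated_input(void) {
    /* Declared length 8, but only 3 payload bytes are present. */
    unsigned char raw[] = {0x00, 0x08, 'a', 'b', 'c'};
    blob_t in = { raw, sizeof raw };
    unsigned char *out = NULL;
    int r = parse_record_checked(&in, &out);
    return r == -3 && out == NULL;
}

int main(void) {
    printf("valid=%d oversized=%d truncated=%d\n",
           check_valid_record(), check_oversized_length(), check_truncated_input());
    return 0;
}
```

The two checks in `parse_record_checked` are independent: the first protects the heap allocation from an overflow write, the second protects the input buffer from an over-read, and a parser handling attacker-supplied files needs both before every length-driven copy.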
The networking equipment maker said the following products are vulnerable:
- Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, formerly Web Security Appliance
It further confirmed that the vulnerability does not impact Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV's DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
"This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection," Cisco noted. "An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device."
It's worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
Cisco separately also fixed a denial-of-service (DoS) vulnerability affecting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).
Some parts of this article are sourced from:
thehackernews.com