Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on vulnerable devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”
Successful exploitation of the weakness could allow an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
The networking equipment maker said the following products are vulnerable:
- Secure Endpoint, previously Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, previously Web Security Appliance
It further confirmed that the vulnerability does not impact the Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted. “An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”
It’s worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
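As an added check that is not part of the article or of Cisco's advisory, the following Python script parses the banner printed by `clamscan --version` and compares the reported release against the fixed versions listed above. The banner format, the per-branch layout and the treatment of branches with no fix release are assumptions.

```python
import re
import shutil
import subprocess

# Fixed releases per ClamAV branch, as stated in the advisory summary above.
FIXED_VERSIONS = {
    (0, 103): (0, 103, 8),
    (0, 105): (0, 105, 2),
    (1, 0): (1, 0, 1),
}

# Assumed banner shape: "ClamAV 0.103.7/26820/Tue Feb 14 08:12:50 2023"
_VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")


def parse_clamav_version(banner):
    """Extract (major, minor, patch) from a `clamscan --version` banner.

    Everything after the version triplet (signature DB version, date) is ignored.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised ClamAV version banner: {banner!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """Return True if this release still carries CVE-2023-20032 / CVE-2023-20052."""
    major, minor, _patch = version
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    # Assumption: branches below 1.0 with no fix release (0.102, 0.104, ...) are
    # end-of-life and remain affected; branches after 1.0 postdate the fix.
    return branch < (1, 0)


def check_installed():
    """Run the local clamscan binary, if present, and report its status."""
    path = shutil.which("clamscan")
    if path is None:
        return None
    banner = subprocess.run([path, "--version"], capture_output=True, text=True).stdout
    version = parse_clamav_version(banner)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    print(check_installed() or "clamscan not found on PATH")
```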
Cisco separately also resolved a denial-of-service (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).