Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
"This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," Cisco Talos said in an advisory. "An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device."
Successful exploitation of the weakness could enable an adversary to run arbitrary code with the same privileges as the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
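The Talos description names the bug class rather than the code: a size taken from the scanned file is used to write into a fixed-size buffer without first being checked against that buffer. The following C example is added here to show what that check looks like in a parser; it is not ClamAV code and does not reproduce the HFS+ on-disk format. The record layout (a 4-byte big-endian length followed by a payload), the `record_t` type, `MAX_PAYLOAD` and `parse_record` are all constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout for this example only: a 4-byte big-endian
 * length field followed by that many payload bytes. This is NOT HFS+ and
 * not ClamAV's parser; it only illustrates the bug class in the advisory. */
enum { MAX_PAYLOAD = 64 };

typedef struct {
    uint32_t length;                /* length as declared in the input   */
    uint8_t  payload[MAX_PAYLOAD];  /* fixed-size destination buffer      */
} record_t;

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hardened parser. The length field is attacker-controlled (it comes from
 * the file being scanned), so it is validated twice before any copy:
 *   1. against the input that is actually present (avoids an over-read), and
 *   2. against the capacity of the destination buffer (avoids the heap or
 *      stack overflow write that a missing size check permits).
 * Returns 0 on success and -1 on malformed input; on -1, *out is untouched. */
int parse_record(const uint8_t *buf, size_t buf_len, record_t *out) {
    if (buf == NULL || out == NULL || buf_len < 4)
        return -1;                          /* header itself is incomplete */

    uint32_t len = read_be32(buf);

    if (len > buf_len - 4)
        return -1;                          /* check 1: declared length exceeds input */
    if (len > MAX_PAYLOAD)
        return -1;                          /* check 2: declared length exceeds destination */

    out->length = len;
    memcpy(out->payload, buf + 4, len);     /* copy is now provably in bounds */
    return 0;
}

/* Heap-allocated variant, mirroring the "heap buffer overflow" wording:
 * the destination is malloc'd at the declared size, but that size is still
 * capped so a crafted length cannot drive an oversized allocation or copy.
 * Caller frees the returned buffer; NULL means malformed input. */
uint8_t *parse_record_heap(const uint8_t *buf, size_t buf_len, uint32_t *out_len) {
    if (buf == NULL || out_len == NULL || buf_len < 4)
        return NULL;
    uint32_t len = read_be32(buf);
    if (len > buf_len - 4 || len > MAX_PAYLOAD)
        return NULL;
    uint8_t *dst = malloc(len ? len : 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, buf + 4, len);
    *out_len = len;
    return dst;
}

int main(void) {
    /* Constructed sample inputs. */
    const uint8_t good[]      = { 0, 0, 0, 3, 'a', 'b', 'c' };
    const uint8_t oversized[] = { 0, 0, 1, 0, 0 };       /* claims 256 bytes */
    const uint8_t truncated[] = { 0, 0, 0, 10, 'x' };    /* claims 10, has 1 */
    record_t r;

    printf("good:      %s\n", parse_record(good, sizeof good, &r) == 0 ? "accepted" : "rejected");
    printf("oversized: %s\n", parse_record(oversized, sizeof oversized, &r) == 0 ? "accepted" : "rejected");
    printf("truncated: %s\n", parse_record(truncated, sizeof truncated, &r) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The two checks are deliberately separate: the first defends the read side, the second the write side, and the advisory's wording ("missing buffer size check ... heap buffer overflow write") describes exactly the second one being absent. Because the scanner runs with the privileges of the ClamAV process, a parser that skips it hands those privileges to whoever controls the scanned file, which is why the fix is a bounds check in the parser rather than anything downstream.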
The networking equipment maker said the following products are vulnerable:
- Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, formerly Web Security Appliance
It further confirmed that the vulnerability does not impact Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV's DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
"This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection," Cisco noted. "An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device."
It is worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
Cisco separately also resolved a denial-of-service (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).