Cisco has issued security updates to address a critical flaw in ClamAV open-source antivirus engine.
The flaw, which is tracked as CVE-2023-20032 with a CVSS score of 9.8, relates to a case of remote code execution residing in the HFS+ file parser component. Successful exploitation of this weakness could enable an attacker to run arbitrary code with the same privileges as that of the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
The vulnerability affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
The critical flaw in ClamAV was discovered and reported by Google security engineer Simon Scannell. In addition to patching this flaw, Cisco has also resolved a remote information leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
Products Vulnerable to the Flaw
The following products are vulnerable to the flaw:
- Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
- Secure Endpoint Private Cloud, and
- Secure Web Appliance, formerly Web Security Appliance.
Cisco has confirmed that the vulnerability does not impact Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products. Both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
In addition to these vulnerabilities, Cisco has also resolved a denial-of-service (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.