Cisco has issued security updates for the open-source ClamAV antivirus engine to address a critical flaw that could result in remote code execution on vulnerable devices.
The bug, tracked as CVE-2023-20032, has a CVSS score of 9.8 and is a remote code execution flaw in the HFS+ file parser component. Versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier are affected by the flaw. Simon Scannell, a Google security engineer, discovered and reported the bug.
According to the Cisco report, successful exploitation of the vulnerability could lead to the attacker running arbitrary code with the same privileges as the ClamAV scanning process or crashing the process, resulting in a denial-of-service (DoS) condition.
Cisco has confirmed that the vulnerability does not impact Secure Email Gateway and Secure Email and Web Manager products. The flaw has been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
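As an added example (not code from Cisco or the ClamAV project), the affected and fixed versions listed above can be turned into a triage check over `clamscan --version` banners collected from hosts. The host names and banners are constructed, and treating release lines with no listed fix (such as 0.104.x) as affected is an assumption drawn from the "and earlier" wording.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED = {(0, 103): (0, 103, 8), (0, 105): (0, 105, 2), (1, 0): (1, 0, 1)}

# `clamscan --version` prints e.g. "ClamAV 0.103.7/26800/Mon Feb  6 08:30:00 2023".
# The optional 4th group captures a pre-release suffix such as "-rc".
BANNER = re.compile(r"ClamAV (\d+)\.(\d+)\.(\d+)([^/\s]*)")


def parse_banner(banner):
    """Return ((major, minor, patch), suffix), or None if unparseable."""
    m = BANNER.search(banner)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def assess(banner):
    """Classify a version banner as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    version, suffix = parsed
    # Assumption: a release line with no fixed build listed (e.g. 0.104.x)
    # is affected if it predates 1.0.1; newer lines are taken to carry the fix.
    fixed = FIXED.get(version[:2], (1, 0, 1))
    if version == fixed and suffix:
        return "unknown"  # pre-release of a fixed build: verify by hand
    return "fixed" if version >= fixed else "affected"


def triage(inventory):
    """Map each host to its status; inventory is {host: banner}."""
    return {host: assess(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or scan output.
    sample = {
        "mail-gw-01": "ClamAV 0.103.7/26800/Mon Feb  6 08:30:00 2023",
        "mail-gw-02": "ClamAV 0.103.8/26815/Thu Feb 16 08:30:00 2023",
        "files-01": "ClamAV 0.104.4/26800/Mon Feb  6 08:30:00 2023",
        "files-02": "ClamAV 1.0.1/26815/Thu Feb 16 08:30:00 2023",
        "legacy-01": "clamscan: command not found",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:12} {status}")
```

Hosts reported as `unknown` need a manual look, since the banner was either missing or came from a pre-release build.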
Additionally, Cisco has patched a remote information leak vulnerability in ClamAV's DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
The company has also resolved a DoS vulnerability in Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).