Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.
Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component.
The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug.
“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”
Successful exploitation of the weakness could enable an adversary to run arbitrary code with the same privileges as that of the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition.
The networking equipment said the following products are vulnerable –
It further confirmed that the vulnerability does not impact Secure Email Gateway (formerly Email Security Appliance) and Secure Email and Web Manager (formerly Security Management Appliance) products.
Also patched by Cisco is a remote information leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052, CVSS score: 5.3) that could be exploited by an unauthenticated, remote attacker.
“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted. “An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”
It’s worth pointing out that CVE-2023-20052 does not affect Cisco Secure Web Appliance. That said, both vulnerabilities have been addressed in ClamAV versions 0.103.8, 0.105.2, and 1.0.1.
Cisco separately also resolved a denial-of-service (DoS) vulnerability impacting Cisco Nexus Dashboard (CVE-2023-20014, CVSS score: 7.5) and two other privilege escalation and command injection flaws in Email Security Appliance (ESA) and Secure Email and Web Manager (CVE-2023-20009 and CVE-2023-20075, CVSS scores: 6.5).
Join us for our webinar to learn how to tackle challenges, launch a program, and choose the right solution.
Join the conversation with security gurus to learn about technologies that can shield your web apps from stealthy attacks.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.