March 26, 2023

A critical vulnerability in Cisco’s ClamAV open-source AV solution has been patched. This flaw could allow remote code execution on infected devices

The vulnerability tracked as CVE-2023-20032 with a CVSS score of 9.8 affects versions 1.0.0 and earlier, 0.105.1 and prior, and 0.103.7 were discovered to be affected by the problem.

According to Cisco, The ClamAV HFS+ file parser issue might allow an unauthenticated, remote attacker to execute arbitrary code with the same rights as ClamAV’ s scanning procedure and cause a denial-of-service scenario by crashing this process.

Advertisements

This flaw affects Secure Endpoint, formerly known as Advanced Malware Prevention. Linux, macOS, and Windows users are all impacted. Cisco’s Secure Endpoint Private cloud and Secure Web Appliance, formerly known as Web Security Appliance, were also affected.

But Cisco Secure Email Gateway, and Secure Email and Web Management, are unaffected by the vulnerability.

Cisco PSIRT says with No evidence suggests that the flaw has been actively used in the wild yet. To reduce risk, Cisco advised users to apply patches right away.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
Pwn2Own Vancouver 2023 – Day 3 Summary

Pwn2Own Vancouver 2023 – Day 3 Summary

March 25, 2023
Nexus Android Banking Trojan

Nexus Android Banking Trojan

March 25, 2023
CISA Releases Untitled Goose Tool

CISA Releases Untitled Goose Tool

March 25, 2023
Critical Vulnerability in Woocommerce Payment Plugin

Critical Vulnerability in Woocommerce Payment Plugin

March 25, 2023
%d bloggers like this: