Vulnerabilites related to cisco - secure_endpoint
cve-2023-20032
Vulnerability from cvelistv5
Published
2023-02-16 15:24
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Secure Web Appliance |
Version: 11.7.0-406 Version: 11.7.0-418 Version: 11.7.1-049 Version: 11.7.1-006 Version: 11.7.1-020 Version: 11.7.2-011 Version: 11.8.0-414 Version: 11.8.1-023 Version: 11.8.3-018 Version: 11.8.3-021 Version: 12.0.1-268 Version: 12.0.3-007 Version: 12.5.2-007 Version: 12.5.1-011 Version: 12.5.4-005 Version: 12.5.5-004 Version: 14.5.0-498 Version: 14.0.3-014 Version: 14.0.2-012 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-q8DThCy",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Web Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.7.0-406"
},
{
"status": "affected",
"version": "11.7.0-418"
},
{
"status": "affected",
"version": "11.7.1-049"
},
{
"status": "affected",
"version": "11.7.1-006"
},
{
"status": "affected",
"version": "11.7.1-020"
},
{
"status": "affected",
"version": "11.7.2-011"
},
{
"status": "affected",
"version": "11.8.0-414"
},
{
"status": "affected",
"version": "11.8.1-023"
},
{
"status": "affected",
"version": "11.8.3-018"
},
{
"status": "affected",
"version": "11.8.3-021"
},
{
"status": "affected",
"version": "12.0.1-268"
},
{
"status": "affected",
"version": "12.0.3-007"
},
{
"status": "affected",
"version": "12.5.2-007"
},
{
"status": "affected",
"version": "12.5.1-011"
},
{
"status": "affected",
"version": "12.5.4-005"
},
{
"status": "affected",
"version": "12.5.5-004"
},
{
"status": "affected",
"version": "14.5.0-498"
},
{
"status": "affected",
"version": "14.0.3-014"
},
{
"status": "affected",
"version": "14.0.2-012"
}
]
},
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.3.5"
}
]
},
{
"product": "Cisco Secure Endpoint Private Cloud Administration Portal",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a proof-of-concept is available that demonstrates that this vulnerability can be used to cause a buffer overflow and subsequent process termination.\r\n\r\nAdditional technical information is also available that describes this vulnerability in detail.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:34.558Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-q8DThCy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
}
],
"source": {
"advisory": "cisco-sa-clamav-q8DThCy",
"defects": [
"CSCwd74135",
"CSCwd74134",
"CSCwd74133",
"CSCwe18204",
"CSCwd74132"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20032",
"datePublished": "2023-02-16T15:24:05.173Z",
"dateReserved": "2022-10-27T18:47:50.315Z",
"dateUpdated": "2024-08-02T08:57:35.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20212
Vulnerability from cvelistv5
Published
2023-08-18 19:55
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Secure Endpoint |
Version: N/A |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-dos-FTkhqMWZ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "Expired Pointer Dereference",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:19.248Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-dos-FTkhqMWZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ"
}
],
"source": {
"advisory": "cisco-sa-clamav-dos-FTkhqMWZ",
"defects": [
"CSCwf30972",
"CSCwf30973"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20212",
"datePublished": "2023-08-18T19:55:33.359Z",
"dateReserved": "2022-10-27T18:47:50.367Z",
"dateUpdated": "2024-08-02T09:05:35.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20796
Vulnerability from cvelistv5
Published
2022-05-04 17:06
Modified
2024-11-06 16:15
Severity ?
EPSS score ?
Summary
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco AMP for Endpoints |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220504 ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:27.623116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:15:40.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AMP for Endpoints",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-01T10:06:30.297206",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220504 ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"source": {
"advisory": "cisco-sa-clamav-dos-vL9x58p4",
"defect": [
[
"CSCwa85589",
"CSCwb13945",
"CSCwb13949"
]
],
"discovery": "INTERNAL"
},
"title": "ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20796",
"datePublished": "2022-05-04T17:06:09.040345Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:15:40.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20785
Vulnerability from cvelistv5
Published
2022-05-04 17:05
Modified
2024-11-06 16:16
Severity ?
EPSS score ?
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco AMP for Endpoints |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220504 ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:01:30.923234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:16:00.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AMP for Endpoints",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-01T10:06:26.904654",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220504 ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"source": {
"advisory": "cisco-sa-clamav-html-XAuOK8mR",
"defect": [
[
"CSCwb30931",
"CSCwb30932",
"CSCwb30933"
]
],
"discovery": "INTERNAL"
},
"title": "ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20785",
"datePublished": "2022-05-04T17:05:57.272626Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:16:00.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20052
Vulnerability from cvelistv5
Published
2023-02-16 15:26
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 1.12.1 Version: 1.12.2 Version: 1.12.5 Version: 1.12.0 Version: 1.12.6 Version: 1.12.3 Version: 1.12.7 Version: 1.12.4 Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.11.0 Version: 1.10.2 Version: 1.10.1 Version: 1.10.0 Version: 1.14.0 Version: 1.6.0 Version: 1.9.0 Version: 1.9.1 Version: 1.8.1 Version: 1.8.0 Version: 1.8.4 Version: 1.7.0 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.3 Version: 7.3.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-xxe-TcSZduhN",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:38.974Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-xxe-TcSZduhN",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
}
],
"source": {
"advisory": "cisco-sa-clamav-xxe-TcSZduhN",
"defects": [
"CSCwd87111",
"CSCwd87112",
"CSCwd87113"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20052",
"datePublished": "2023-02-16T15:26:12.863Z",
"dateReserved": "2022-10-27T18:47:50.319Z",
"dateUpdated": "2024-08-02T08:57:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20084
Vulnerability from cvelistv5
Published
2023-11-22 17:09
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.3 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.1 Version: 7.3.9 Version: 7.3.3 Version: 7.3.5 Version: 8.1.7 Version: 8.1.5 Version: 8.1.3.21242 Version: 8.1.7.21512 Version: 8.1.3 Version: 8.1.5.21322 Version: 8.1.7.21417 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-secure-endpoint-dos-RzOgFKnd",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-437",
"description": "Incomplete Model of Endpoint Features",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:42.470Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-secure-endpoint-dos-RzOgFKnd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
}
],
"source": {
"advisory": "cisco-sa-secure-endpoint-dos-RzOgFKnd",
"defects": [
"CSCwh78740"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20084",
"datePublished": "2023-11-22T17:09:38.783Z",
"dateReserved": "2022-10-27T18:47:50.334Z",
"dateUpdated": "2024-08-02T08:57:35.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20771
Vulnerability from cvelistv5
Published
2022-05-04 17:05
Modified
2024-11-06 16:16
Severity ?
EPSS score ?
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco AMP for Endpoints |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220504 ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:01:31.788166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:16:45.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AMP for Endpoints",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-01T10:06:20.369043",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220504 ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"source": {
"advisory": "cisco-sa-clamav-dos-ZAZBwRVG",
"defect": [
[
"CSCwb00437",
"CSCwb00438",
"CSCwb00439"
]
],
"discovery": "INTERNAL"
},
"title": "ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20771",
"datePublished": "2022-05-04T17:05:34.923275Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:16:45.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20197
Vulnerability from cvelistv5
Published
2023-08-16 21:43
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 1.12.1 Version: 1.12.2 Version: 1.12.5 Version: 1.12.0 Version: 1.12.6 Version: 1.12.3 Version: 1.12.7 Version: 1.12.4 Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.11.0 Version: 1.10.2 Version: 1.10.1 Version: 1.10.0 Version: 1.14.0 Version: 1.6.0 Version: 1.9.0 Version: 1.9.1 Version: 1.8.1 Version: 1.8.0 Version: 1.8.4 Version: 1.7.0 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.3 Version: 7.3.5 Version: 8.1.5 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-rNwNEEee",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "8.1.5"
}
]
},
{
"product": "Cisco Secure Endpoint Private Cloud Console",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:55.562Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-rNwNEEee",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee"
}
],
"source": {
"advisory": "cisco-sa-clamav-rNwNEEee",
"defects": [
"CSCwf39307",
"CSCwf39308",
"CSCwf39309",
"CSCwf39310"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20197",
"datePublished": "2023-08-16T21:43:11.287Z",
"dateReserved": "2022-10-27T18:47:50.365Z",
"dateUpdated": "2024-08-02T09:05:35.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20290
Vulnerability from cvelistv5
Published
2024-02-07 16:16
Modified
2024-11-07 20:23
Severity ?
EPSS score ?
Summary
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.3 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.1 Version: 7.3.9 Version: 7.3.3 Version: 7.3.5 Version: 8.1.7 Version: 8.1.5 Version: 8.1.3.21242 Version: 8.1.7.21512 Version: 8.1.3 Version: 8.1.5.21322 Version: 8.1.7.21417 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-hDffu6t",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T20:34:45.866511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:23:12.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
},
{
"product": "Cisco Secure Endpoint Private Cloud Administration Portal",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Secure Endpoint Private Cloud Console",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T16:16:00.975Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-hDffu6t",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"source": {
"advisory": "cisco-sa-clamav-hDffu6t",
"defects": [
"CSCwh88483",
"CSCwh88484"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20290",
"datePublished": "2024-02-07T16:16:00.975Z",
"dateReserved": "2023-11-08T15:08:07.627Z",
"dateUpdated": "2024-11-07T20:23:12.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20770
Vulnerability from cvelistv5
Published
2022-05-04 17:05
Modified
2024-11-06 16:16
Severity ?
EPSS score ?
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco AMP for Endpoints |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:01:32.714443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:16:53.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco AMP for Endpoints",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-399",
"description": "CWE-399",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-01T10:06:22.000805",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
},
{
"name": "FEDORA-2022-b8691af27b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"name": "FEDORA-2022-0ac71a8f3a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"name": "FEDORA-2022-a910a41a17",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"name": "GLSA-202310-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-01"
}
],
"source": {
"advisory": "cisco-sa-clamav-dos-prVGcHLd",
"defect": [
[
"CSCwa95108",
"CSCwa95109",
"CSCwa95110"
]
],
"discovery": "INTERNAL"
},
"title": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20770",
"datePublished": "2022-05-04T17:05:29.271076Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:16:53.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-05-04 17:15
Modified
2024-11-21 06:43
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | * | |
| clamav | clamav | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "27ADFD65-7F57-461B-AD74-FF8F7950B5E1",
"versionEndIncluding": "0.103.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA3B921-70F0-455E-84F0-EA08498AEB4D",
"versionEndIncluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "2D18B72E-A39C-4355-880C-D8F56F69DEC1",
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB9082D-A730-4BC0-A7C3-FD41C9B90C62",
"versionEndExcluding": "1.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "941865DD-D900-4FF7-B94B-8A4849653E01",
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E65C72-96CF-445D-9A4C-ED82ED79882E",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30810C03-D9F9-4CD2-B276-11E9302F245C",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
},
{
"lang": "es",
"value": "El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos CHM de Clam AntiVirus (ClamAV) versiones 0.104.0 hasta 0.104.2 y LTS versi\u00f3n 0.103.5 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\u00e1 actualizado a medida que est\u00e9 disponible informaci\u00f3n adicional"
}
],
"id": "CVE-2022-20770",
"lastModified": "2024-11-21T06:43:31.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-04T17:15:08.377",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "psirt@cisco.com",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-07 17:15
Modified
2024-11-21 08:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "107EAB90-71E6-4FF7-BAA5-71F21C4FE683",
"versionEndExcluding": "7.5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2EA4AF93-6973-4F23-A173-99701A2FB637",
"versionEndExcluding": "8.2.3.30119",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23",
"versionEndExcluding": "3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el analizador de formato de archivo OLE2 de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una comprobaci\u00f3n incorrecta de los valores de fin de cadena durante el an\u00e1lisis, lo que puede provocar una sobrelectura del b\u00fafer de almacenamiento din\u00e1mico. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado que contenga contenido OLE2 para que ClamAV lo analice en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante provocar que finalice el proceso de escaneo de ClamAV, lo que resultar\u00eda en una condici\u00f3n DoS en el software afectado y consumir\u00eda los recursos disponibles del sistema. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el blog de ClamAV."
}
],
"id": "CVE-2024-20290",
"lastModified": "2024-11-21T08:52:14.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-07T17:15:10.517",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-04 17:15
Modified
2024-11-21 06:43
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | 0.103.4 | |
| clamav | clamav | 0.103.5 | |
| clamav | clamav | 0.104.1 | |
| clamav | clamav | 0.104.2 | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:0.103.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C58DDEC-8869-4D04-88DA-B76E394E0C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.103.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E5521F-C8F7-4547-A441-E828F60F2C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.104.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E787093-A226-4CFB-9D3A-208FE9F085E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.104.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6585F37B-2DB2-407D-B801-2E54B95FFCAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "2D18B72E-A39C-4355-880C-D8F56F69DEC1",
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB9082D-A730-4BC0-A7C3-FD41C9B90C62",
"versionEndExcluding": "1.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "941865DD-D900-4FF7-B94B-8A4849653E01",
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E65C72-96CF-445D-9A4C-ED82ED79882E",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30810C03-D9F9-4CD2-B276-11E9302F245C",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog."
},
{
"lang": "es",
"value": "El 4 de mayo de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en versiones 0.103.4, 0.103.5, 0.104.1 y 0.104.2 de Clam AntiVirus (ClamAV) podr\u00eda permitir a un atacante local autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV"
}
],
"id": "CVE-2022-20796",
"lastModified": "2024-11-21T06:43:34.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-04T17:15:08.797",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "psirt@cisco.com",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FD7E5997-8229-4DE1-A1F7-0C3A2A65C71A",
"versionEndExcluding": "1.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AC26FA0D-54D5-4600-A2F1-D715236CDCF2",
"versionEndExcluding": "1.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "973542E7-2835-46C0-B99D-BA294BBC5563",
"versionEndExcluding": "7.5.13.21586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E7C7440F-C62E-43F4-943E-161D9AB24C22",
"versionEndExcluding": "8.1.7.21585",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23",
"versionEndExcluding": "3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
}
],
"id": "CVE-2023-20197",
"lastModified": "2024-11-21T07:40:48.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T22:15:10.510",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:40
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * | |
| clamav | clamav | * | |
| clamav | clamav | * | |
| clamav | clamav | 1.0.0 | |
| clamav | clamav | 1.0.0 | |
| clamav | clamav | 1.0.0 | |
| stormshield | stormshield_network_security | * | |
| stormshield | stormshield_network_security | * | |
| stormshield | stormshield_network_security | * | |
| stormshield | stormshield_network_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "40572314-306A-4594-A279-216B8139B7A0",
"versionEndExcluding": "1.20.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "726A787E-E64F-4906-9BAE-4F79EB530F1F",
"versionEndExcluding": "1.21.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C4F63447-CA0E-43FC-8FF1-B4032D21E32A",
"versionEndExcluding": "7.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D0FC45E7-C4AB-4AC5-87AB-0ED1508CCFF3",
"versionEndExcluding": "8.1.5",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BFC8FC-6CF0-49DA-B4ED-5B7936A4233E",
"versionEndExcluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF08008-9C84-4075-8AB7-233209E4F3C0",
"versionEndIncluding": "0.103.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FA7424-A3E5-4F46-83F8-E9767330F1CE",
"versionEndIncluding": "0.105.1",
"versionStartIncluding": "0.104.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A381BD3C-88E0-41FD-91E6-26BCF78B84CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "88BE0B1C-4515-40EA-ADDD-A04BF50743DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB00FEFE-F8A2-482D-A7EE-002DA4E10FF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88CF061E-FFD8-48DE-887F-2119C916E2B4",
"versionEndExcluding": "3.7.35",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F499B698-4EB6-4262-BAF4-9BDE7F114805",
"versionEndExcluding": "3.11.23",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40519377-ECDC-41E2-B6A6-7F601AC28ACD",
"versionEndExcluding": "4.3.17",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A",
"versionEndExcluding": "4.6.4",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."
}
],
"id": "CVE-2023-20052",
"lastModified": "2024-11-21T07:40:26.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:11.980",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-04 17:15
Modified
2024-11-21 06:43
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | * | |
| clamav | clamav | * | |
| clamav | clamav | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88C4C7F2-497A-44A1-80C2-E11A916767EF",
"versionEndExcluding": "0.103.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "27ADFD65-7F57-461B-AD74-FF8F7950B5E1",
"versionEndIncluding": "0.103.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E51033D-0691-499E-9279-C5C15CD498DF",
"versionEndExcluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "2D18B72E-A39C-4355-880C-D8F56F69DEC1",
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB9082D-A730-4BC0-A7C3-FD41C9B90C62",
"versionEndExcluding": "1.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "941865DD-D900-4FF7-B94B-8A4849653E01",
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E65C72-96CF-445D-9A4C-ED82ED79882E",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30810C03-D9F9-4CD2-B276-11E9302F245C",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
},
{
"lang": "es",
"value": "El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos HTML de Clam AntiVirus (ClamAV) versiones 0.104.0 a 0.104.2 y LTS versi\u00f3n 0.103.5 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\u00e1 actualizado a medida que se disponga de informaci\u00f3n adicional"
}
],
"id": "CVE-2022-20785",
"lastModified": "2024-11-21T06:43:33.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-04T17:15:08.680",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "psirt@cisco.com",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "40572314-306A-4594-A279-216B8139B7A0",
"versionEndExcluding": "1.20.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "726A787E-E64F-4906-9BAE-4F79EB530F1F",
"versionEndExcluding": "1.21.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C4F63447-CA0E-43FC-8FF1-B4032D21E32A",
"versionEndExcluding": "7.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D0FC45E7-C4AB-4AC5-87AB-0ED1508CCFF3",
"versionEndExcluding": "8.1.5",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BFC8FC-6CF0-49DA-B4ED-5B7936A4233E",
"versionEndExcluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFF7AB1-33C6-4627-9950-2F2E48BCCC7E",
"versionEndExcluding": "12.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8361D69-981F-4F28-86F9-EFF202C9E537",
"versionEndExcluding": "14.0.4-005",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6E494A-FCA7-4569-847D-2AA3C14C3E79",
"versionEndExcluding": "14.5.1-013",
"versionStartIncluding": "14.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8B1F66-9FD3-4970-BDA3-26241B18B4AA",
"versionEndExcluding": "15.0.0-254",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF08008-9C84-4075-8AB7-233209E4F3C0",
"versionEndIncluding": "0.103.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14FA7424-A3E5-4F46-83F8-E9767330F1CE",
"versionEndIncluding": "0.105.1",
"versionStartIncluding": "0.104.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A381BD3C-88E0-41FD-91E6-26BCF78B84CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "88BE0B1C-4515-40EA-ADDD-A04BF50743DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB00FEFE-F8A2-482D-A7EE-002DA4E10FF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88CF061E-FFD8-48DE-887F-2119C916E2B4",
"versionEndExcluding": "3.7.35",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F499B698-4EB6-4262-BAF4-9BDE7F114805",
"versionEndExcluding": "3.11.23",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40519377-ECDC-41E2-B6A6-7F601AC28ACD",
"versionEndExcluding": "4.3.17",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A",
"versionEndExcluding": "4.6.4",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]."
}
],
"id": "CVE-2023-20032",
"lastModified": "2024-11-21T07:40:23.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T08:15:11.907",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-18 20:15
Modified
2024-11-21 07:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "57FA75E8-D452-4A42-A7D8-064C3932888A",
"versionEndExcluding": "8.1.7.21585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23",
"versionEndExcluding": "3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo AutoIt de ClamAV podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un error l\u00f3gico en la gesti\u00f3n de memoria de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo AutoIt manipulado para ser escaneado por ClamAV en el dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante causar que el proceso de escaneo de ClamAV se reinicie inesperadamente, resultando en una condici\u00f3n de DoS. "
}
],
"id": "CVE-2023-20212",
"lastModified": "2024-11-21T07:40:53.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-18T20:15:09.773",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-825"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-22 17:15
Modified
2024-11-21 07:40
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "73BBFC84-0CBF-4A1A-BC85-58743828CB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CBD2020-8CEC-4803-B8D0-8B8C051E3A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "F61FA930-DE23-4BA5-B854-5E672534B14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "0DB04EC8-AE2F-4186-B9C1-C36CA7B639AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "D6D13A24-5CE0-44CD-A6FC-E0656C5FC99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "994F00AC-6728-455E-A785-65BBBE20C7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "18C64C5D-0100-4350-9784-90A214CD6A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C4D34D1-809E-4910-A23A-10DF0C1A6997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "C373761A-45AD-49E7-BF7E-27B7043A2769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8A3A132-D202-4E5D-B9C1-DAF2916008FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:*",
"matchCriteriaId": "A4E9E097-45BA-4009-AD4E-D8182E6068FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "42A92525-2605-455D-93A9-E4AF1995CCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "10C46D21-DA26-46C6-9C1E-69A51D076210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "7B56C363-A5B8-4F91-8414-4271D83E997D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "6615CB6A-6B26-4F16-BC9B-6E8DB80B0DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.0.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "AF8AF3D2-0507-470E-B8EA-45D2427FAA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "AB6D5375-A4F4-4B24-B377-AE8DDA898F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "160F070E-CB81-4DA6-88D1-A01639B8D9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "879BF746-BF6F-4E19-9543-06DB4190F3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "3DCD32D3-5F52-45AC-952F-AED1DE87FDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "4E9E10B5-D259-4E9D-8688-3A48970FC28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.11:*:*:*:*:windows:*:*",
"matchCriteriaId": "BE6734FD-FD35-4BD9-AE25-DA01D6B985E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.13:*:*:*:*:windows:*:*",
"matchCriteriaId": "3C013C0C-C5E5-43A3-BFAB-7B92A86C6620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "0CA4FD17-D6EE-4DBE-9F29-39D7AC67F6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "E56295B4-219E-41FA-843C-A271DFC2D167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "60B7C0C9-401D-4658-A683-22300A0007B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "1796BB1E-C26E-4394-A8C9-55D27A08367D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "D427238E-BFDC-4567-BAF8-C2DC5DDB3F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242:*:*:*:*:windows:*:*",
"matchCriteriaId": "C5309996-3287-4844-A116-12EFE751DB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "53C0527C-79BB-4954-970F-04A06FBD13E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5.21322:*:*:*:*:windows:*:*",
"matchCriteriaId": "94EFBC3A-9EA8-4922-BAB2-BA4AE6CC5287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "A9B45180-615C-40D4-A726-0B19EEEC1052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21417:*:*:*:*:windows:*:*",
"matchCriteriaId": "65D971B4-FC73-458C-80AA-A3EA0BB7DFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21512:*:*:*:*:windows:*:*",
"matchCriteriaId": "0CE68809-1B04-4C6D-AE6D-2AB8AE76DC5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC2B5C-975C-47E3-BC8B-AFFBBE59ED6F",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el software de endpoint de Cisco Secure Endpoint para Windows podr\u00eda permitir que un atacante local autenticado evada la protecci\u00f3n del endpoint dentro de un per\u00edodo de tiempo limitado. Esta vulnerabilidad se debe a un problema de sincronizaci\u00f3n que ocurre entre varios componentes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que coloque un archivo malicioso en una carpeta espec\u00edfica y luego persuadi\u00e9ndolo para que ejecute el archivo dentro de un per\u00edodo de tiempo limitado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el software del terminal no ponga en cuarentena el archivo malicioso o finalice su proceso. Nota: Esta vulnerabilidad solo se aplica a implementaciones que tienen habilitada la funci\u00f3n Redirecci\u00f3n de carpetas de Windows."
}
],
"id": "CVE-2023-20084",
"lastModified": "2024-11-21T07:40:31.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-22T17:15:18.317",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-437"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-04 17:15
Modified
2024-11-21 06:43
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | * | |
| clamav | clamav | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "27ADFD65-7F57-461B-AD74-FF8F7950B5E1",
"versionEndIncluding": "0.103.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA3B921-70F0-455E-84F0-EA08498AEB4D",
"versionEndIncluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "2D18B72E-A39C-4355-880C-D8F56F69DEC1",
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB9082D-A730-4BC0-A7C3-FD41C9B90C62",
"versionEndExcluding": "1.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "941865DD-D900-4FF7-B94B-8A4849653E01",
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E65C72-96CF-445D-9A4C-ED82ED79882E",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30810C03-D9F9-4CD2-B276-11E9302F245C",
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
},
{
"lang": "es",
"value": "El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos TIFF de Clam AntiVirus (ClamAV) versiones 0.104.0 a 0.104.2 y LTS versi\u00f3n 0.103.5 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\u00e1 actualizado a medida que est\u00e9 disponible informaci\u00f3n adicional"
}
],
"id": "CVE-2022-20771",
"lastModified": "2024-11-21T06:43:31.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-04T17:15:08.440",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "psirt@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "psirt@cisco.com",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}