Security News > 2023 > February > Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)

A critical vulnerability in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance, and.

High-risk vulnerabilities affecting Email Security Appliance and Cisco Secure Email and Web Manager, proof-of-concept exploit code for which is already available.

CVE-2023-20032 is a vulnerability in the HFS+ partition file parser of various versions of ClamAV, a free cross-platform antimalware toolkit maintained by Cisco Talos.

"This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service condition," Cisco explained.

Versions of ClamAV including the fix - and a fix for CVE-2023-20052, an information leak flaw - have been released on Wednesday, but since the library is also used in the Secure Web Appliance and Secure Endpoint solutions and there is no workaround, those have to be updated as well.

Admins in charge of Email Security Appliances and Cisco Secure Email and Web Manager instances should implement the security updates quickly, to fix a privilege escalation and command injection vulnerability.

News URL

https://www.helpnetsecurity.com/2023/02/17/cve-2023-20032-cve-2023-20009-cve-2023-20075/