Cisco issues patch for critical vulnerability in open source ClamAV antivirus

News
By Ross Kelly
published

Cisco said there is no evidence to suggest the vulnerability has been actively exploited

Digital umbrella in neon blue blocking rainfall made up of neon red binary code, connoting antivirus
(Image credit: Getty Images)

Cisco has issued a patch for a critical vulnerability discovered in its ClamAV open source antivirus software.

Tracked as CVE-2023-20032, Cisco said the flaw could enable remote code execution on vulnerable devices and was given a ‘critical’ CVSSv3 rating of 9.8.

The issue was found to affect versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7.

Microsoft patches three zero days, 77 security vulnerabilities in February Patch Tuesday Up to 350,000 open source projects vulnerable to 15-year-old Python bug Existential tensions put open source on path to crisis point

In an advisory posted on 15 February, Cisco said the flaw affected the ClamAV HFS+ file parser, and could enable an “unauthenticated, remote attacker to execute arbitrary code” with the same privileges of ClamAV’s scanning process.

The firm added that the vulnerability could also crash this process, resulting in a denial of service (DoS) condition.

“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” the company said. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”

Vulnerable products

Cisco confirmed that several products could be at risk due to the vulnerability. This includes Secure Endpoint, formerly known as Advanced Malware Protection (AMP), for endpoints.

Users on Windows, macOS, and Linux are all affected.

RELATED RESOURCE

Nine steps to proactively manage data privacy and protection

Build trust with your employees, customers, and third parties

FREE DOWNLOAD

Cisco’s Secure Endpoint Private cloud and Secure Web Appliance, formerly Web Security Appliance, are also affected.

The company emphasised that the vulnerability does not affect other key products, such as its Secure Email Gateway and Secure Email and Web Manager.

At present, there is no indication that the flaw has been actively exploited in the wild. However, Cisco urged users to patch immediately to mitigate risk.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” the firm said.

What is ClamAV?

Clam AV is an open source antivirus platform which provides antimalware protection for users. The engine offers a range of anti-virus solutions, including email and web scanning, and endpoint security.

Statistics from Slintel show that ClamAV is used by more than 300 companies globally.

The engine was originally developed for Unix, but has third-party versions available to users of macOS, Linux, and Microsoft Windows, among others.

Ross Kelly
Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.