IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cisco issues patch for critical vulnerability in open source ClamAV antivirus

Cisco said there is no evidence to suggest the vulnerability has been actively exploited

Cisco has issued a patch for a critical vulnerability discovered in its ClamAV open source antivirus software.

Tracked as CVE-2023-20032, Cisco said the flaw could enable remote code execution on vulnerable devices and was given a ‘critical’ CVSSv3 rating of 9.8.  

The issue was found to affect versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7.  

In an advisory posted on 15 February, Cisco said the flaw affected the ClamAV HFS+ file parser, and could enable an “unauthenticated, remote attacker to execute arbitrary code” with the same privileges of ClamAV’s scanning process.  

The firm added that the vulnerability could also crash this process, resulting in a denial of service (DoS) condition.  

“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” the company said. “An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.” 

Vulnerable products 

Cisco confirmed that several products could be at risk due to the vulnerability. This includes Secure Endpoint, formerly known as Advanced Malware Protection (AMP), for endpoints.  

Users on Windows, macOS, and Linux are all affected.

Related Resource

Nine steps to proactively manage data privacy and protection

Build trust with your employees, customers, and third parties

Whitepaper cover with image of female employee wearing glasses, smiling at camera Free Download

Cisco’s Secure Endpoint Private cloud and Secure Web Appliance, formerly Web Security Appliance, are also affected.  

The company emphasised that the vulnerability does not affect other key products, such as its Secure Email Gateway and Secure Email and Web Manager.  

At present, there is no indication that the flaw has been actively exploited in the wild. However, Cisco urged users to patch immediately to mitigate risk. 

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” the firm said. 

What is ClamAV? 

Clam AV is an open source antivirus platform which provides antimalware protection for users. The engine offers a range of anti-virus solutions, including email and web scanning, and endpoint security.  

Statistics from Slintel show that ClamAV is used by more than 300 companies globally. 

The engine was originally developed for Unix, but has third-party versions available to users of macOS, Linux, and Microsoft Windows, among others.  

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download

Most Popular

HMRC lost nearly 50% more devices in 2022

HMRC lost nearly 50% more devices in 2022

17 Mar 2023
The big PSTN switch off: What’s happening between now and 2025?

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
Outlook zero day patch causes headaches for Windows admins

Outlook zero day patch causes headaches for Windows admins

15 Mar 2023