Connect with us

Hi, what are you looking for?

Cyber Security

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw

A security flaw in a bundle anti-malware scanner product has created a serious security risk for some products from networking giant Cisco.

More particularly, a vulnerability in the ClamAV scanning library (tracked as CVE-2023-20032) created a critical security risk for Cisco’s Secure Web Appliance as well as various versions of Cisco Secure Endpoint (including Windows, MacOS, Linux, and cloud).

Cisco released an advisory on the vulnerability – alongside patches for affected products – last week. Although the vulnerability is not under active attack, patching is nonetheless recommended.

The partition scanning buffer overflow vulnerability poses a critical risk to vulnerable technologies.

As explained in Cisco’s security advisory, a vulnerability in the HFS+ partition file parser of ClamAV creates a mechanism to push malicious code onto either endpoint devices or vulnerable instances of Cisco’s Secure Web Appliance.

The vulnerability, which stems from an absent buffer size check, creates a heap buffer overflow risk in scanning HFS+ partition file. An attacker might be able to create a malicious partition file before offering it up for scanning by ClamAV.

“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition,” Cisco’s advisory explains.

Use case

ClamAV (Clam AntiVirus) is a free software, anti-malware toolkit originally developed for Unix. The technology – acquired by Cisco through an acquisition 10 years ago, has been ported to run on various operating systems including Linux, macOS, and Windows.

One of the main use cases for the technology is on mail servers as a server-side malware-in-email scanner.

However, Cisco has confirmed that neither its Secure Email Gateway nor its Secure Email and Web Manager appliances are vulnerable to this particular security bug.

Who guards the guards?

Any vulnerability in a security utility that allows potential miscreants to hack into affected devices show how tools designed to increase security can increase the attack surface exposed to potential attackers.

The security flaw in ClamAV’s HFS+ partition file parser, along with lesser a remote information leak vulnerability (tracked as CVE-2023-20052) in the DMG file parser of the same technology, were both discovered by Google engineer Simon Scannell. Google notified Cisco about security bugs in ClamAV last August.

An advisory by Google, posted on GitHub, offers a full technical run-down of the more serious CVE-2023-20032 vulnerability and its potential exploitation.

“We rate the vulnerability as high severity as the buffer overflow can be triggered when a scan is run with CL_SCAN_ARCHIVE enabled, which is enabled by default in most configurations.

“This feature is typically used to scan incoming emails on the backend of mail servers. As such, a remote, external, unauthenticated attacker can trigger this vulnerability,” Cisco’s advisory explains.

Advertisement. Scroll to continue reading.

technical blog post by German cybersecurity vendor ONEKEY concludes that the two flaws in ClamAV illustrate that “file format parsing is a difficult and complex endeavor”.

Copyright 2021 Associated Press. All rights reserved.

Source: https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Zero Trust Data Access (ZTDA) constitutes a fundamental aspect of the wider Zero Trust security framework, which entails limiting data access. The Zero Trust security approach...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO