Cisco has released security updates to address a serious vulnerability in the ClamAV open-source antivirus engine that could allow remote code execution on vulnerable systems.
The problem, identified as CVE-2023-20032 (CVSS rating: 9.8), concerns a remote code execution scenario present in the HFS+ file parser component.
Versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier are affected by the bug. The flaw was found and reported by Simon Scannell, a security engineer with Google.
If the flaw is successfully exploited, an adversary may be able to run arbitrary code with the same privileges as the ClamAV scanning process, or crash that process and cause a denial-of-service (DoS) condition.
According to the networking equipment maker, the products listed below are vulnerable:
Advanced Malware Prevention (AMP) for Endpoints, formerly known as Safe Endpoint (Windows, macOS, and Linux).
Safe Web Appliance, formerly known as Web Security Appliance.
Secure Endpoint Private Cloud.
It was additionally established that Secure Email Gateway (formerly known as Email Security Appliance) and Secure Email and Web Manager (previously known as Security Management Appliance) are unaffected by the vulnerability.