Cisco on Wednesday announced updates for endpoint, cloud, and web security products to address a critical vulnerability in the third-party scanning library ClamAV. Tracked as CVE-2023-20032 (CVSS score of 9.8), the issue resides in the HFS+ file parser and impacts ClamAV versions 0.103.7 and earlier, 0.105.1 and earlier, and 1.0.0 and earlier. According to Cisco, “A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.”
In addition to the critical vulnerability, Cisco also patched high-severity issues in Nexus Dashboard software and Secure Email Gateway, as well as three medium-severity bugs in AsyncOS software for Secure Web Appliance, Nexus Dashboard, and Identity Services Engine (ISE). Tracked as CVE-2023-20009, the first of the flaws could allow an attacker (remote or local) to elevate privileges to root. The second issue, CVE-2023-20075, impacts Secure Email Gateway only, and could allow an authenticated, local attacker to execute arbitrary commands.
Cisco says it is not aware of any of these vulnerabilities being exploited in attacks. “Users of versions 2.2, 2.1, or 2.0 and earlier of the networking software are advised to upgrade to a patched release as soon as possible,” the company concluded.