CVE-2023-20052

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_endpoint_private_cloud::::::::
	cpe:2.3:a:cisco:secure_endpoint::::::windows::*
	cpe:2.3:a:cisco:secure_endpoint::::::windows::*
	cpe:2.3:a:cisco:secure_endpoint::::::linux::*
	cpe:2.3:a:cisco:secure_endpoint::::::macos::*

Configuration 2 (hide)

OR	cpe:2.3:a:clamav:clamav:1.0.0:rc::::::
	cpe:2.3:a:clamav:clamav:1.0.0:rc2::::::
	cpe:2.3:a:clamav:clamav:1.0.0:-::::::
	cpe:2.3:a:clamav:clamav::::::::
	cpe:2.3:a:clamav:clamav::::::::

Information

Published : 2023-03-01 00:15

Updated : 2023-03-13 06:52

NVD link : CVE-2023-20052

Mitre link : CVE-2023-20052

JSON object : View

CWE

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Advertisement

Products Affected

cisco

secure_endpoint_private_cloud
secure_endpoint

clamav

clamav

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-776"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-20052", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2023-03-01T08:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.6.0"}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.5", "versionStartIncluding": "8.0.1.21160"}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.5.9"}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.20.2"}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.21.1"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.103.7"}, {"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.105.1", "versionStartIncluding": "0.104.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-13T13:52Z"}