Antivirus Apps Are There to Protect You - Cisco's ClamAV Has a Heckuva Flaw
An Anonymous Coward writes:
Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution:
Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware.
Cisco's open source ClamAV can fill that role - once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday.
"A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code," states Cisco's security advisory, which identifies the issue as CVE-2023-20032.
[...] ClamAV's blog reveals a second flaw in the software: CVE-2023-20052.
Both are patched in version 1.01 of the application, available here.
[...] But fixing ClamAV is not the end of the story. Addressing the faulty file parser also requires updates to other Cisco products, including the Secure Web Appliance hardware. The Secure Endpoint Private Cloud also needs a fix, as does Cisco's Secure Endpoint product (formerly known as Advanced Malware Protection for Endpoints) for Linux, Windows, and macOS.