• For Enquiry
  • Sales : 888-308-8879
  • Technical : 847-868-9208
Serious Security Flaw in Cisco ClamAV DiscoveredSerious Security Flaw in Cisco ClamAV DiscoveredSerious Security Flaw in Cisco ClamAV DiscoveredSerious Security Flaw in Cisco ClamAV Discovered
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Legal
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
  • Locations
    • Northfield, IL
    • Chicago Illinois
    • Miami Florida
    • Schaumburg, Illinois
  • Support
✕
Everything You Need to Know About the Pepsi Data Breach
March 3, 2023
GoDaddy Finds Multiple-Year Security Breach
March 6, 2023

Serious Security Flaw in Cisco ClamAV Discovered

March 4, 2023

It is ironic when software designed to protect is vulnerable to threats. That is the case here. Experts discovered the ClamAV free anti-malware program has a serious security risk.

Investigations revealed the security threat is in its scanning library. It was tracked as CVE- 2023-20032. The risk affects several other products from Cisco.

What Is ClamAV?
The ClamAV anti-malware scans for potential threats. The program only ran on Unix in the past. But after acquiring the technology 10 years ago, Cisco worked on it, so it could now run on Linux, Windows, and macOS.

The primary use case of the technology is for email servers. It could check for threats in
emails. The goal was to prevent malware from entering the system through this. The program comes with other products from Cisco.

Vulnerabilities Created By ClamAV
Security experts found that the vulnerability affects other products. It particularly poses a risk for Secure Web Appliance and Cisco Secure Endpoint.

The investigation revealed ClamAV pushes malicious code to endpoint devices. A
vulnerability in the HFS+ partition file parser creates the mechanism.

What this means is that attackers could exploit the vulnerability. They could use an arbitrary code to crash the process. It creates a condition like a denial of service or DoS.

The flaw affects versions 1.0.0 and earlier.

Protection From Vulnerabilities
The best way to protect against vulnerabilities is to stay updated. Cisco released a patch when it discovered the flaw. The patch addresses the problem and removes it.

Google security engineer Simon Scannel discovered and reported the flaw. There is no
evidence that attackers were exploiting it before. That is the good news. Users now need to
patch their ClamAV version. That way, potential attackers could no longer exploit the flaw.

Updates could be annoying. They come at the worst times. But they are crucial for every
user. Blocking updates could stop patches needed to remove flaws. These patches fix
potential threats. If not addressed, cybercriminals could exploit it.

Take time to ensure endpoint devices update. And if you find anything curious, report it.
Companies can fix flaws only if they know about them.

Share
62
taylor
taylor

Related posts

November 17, 2023

Navigating Data Privacy Laws and Cybersecurity Compliance: Safeguarding Your Business in the Digital Era


Read more
November 17, 2023

Mastering Passwords: Essential Practices for Digital Security


Read more
November 10, 2023

Layered Defense: The Power of MFA


Read more

Leave a Reply Cancel reply

You must be logged in to post a comment.

© 2023 All Rights Reserved | Powered by CIO Landing