Flash Notice: Four Vulnerabilities Found in Cisco Security Products

overview

Two vulnerabilities were found in the ClamAV scanning library – an open-source cross-platform antimalware toolkit. The tool can detect, viruses, trojans, and other kinds of malware.  

CVE-2023-20032 is critical and has a CVSS score of 9.8. The vulnerability is an HFS+ file parser flaw that impacts ClamAV versions 0.103.7 and earlier, 0.105.1 and earlier, and 1.0.0 and earlier. If the parser fails to perform a buffer check, there is a risk of a heap buffer overflow write. CVE-2023-20032 could be exploited by an attacker who submits a specially crafted HFS+ partition file for scanning. Cisco's advisory states that an attacker could execute arbitrary code using the privileges of the ClamAV scanning process or cause the process to crash, leading to a denial-of-service scenario. 

CVE-2023-20052 has a medium CVSS score of 5.3. The vulnerability is a DMG file parsing XML entity flaw that’s triggered by scanning crafted DMG files. If successful, an unauthenticated, remote attacker could access sensitive information on an affected device. CVE-2023-20052 impacts ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.  

There are also two other Cisco vulnerabilities unrelated to ClamAv that are high-risk. CVE-2023-20009 is a privilege escalation vulnerability that impacts Cisco Email Security Appliances and Cisco Secure Email and Web Manager. CVE-2023-20075 is a command injection vulnerability that impacts Cisco Email Security Appliances. If an attacker has valid user credentials, they could elevate their privileges to root and execute arbitrary commands on an impacted device.  

Due to there being no available workarounds for the mentioned vulnerabilities, Avertium strongly advises applying the appropriate patches as soon as possible.  

avertium's recommendations

• Patch Guidance for CVE-2023-20032 can be found in the following Cisco advisory.  
• Patch Guidance for CVE-2023-20052 can be found in the following Cisco advisory.  
• Patch Guidance for CVE-2023-20075 and CVE-2023-20009 can be found in the following Cisco advisory.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-20032, CVE-2023-20052, CVE-2023-20075, and CVE-2023-20009. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
• Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
• Avertium offers VMaaS to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap. 

SUPPORTING DOCUMENTATION