Denial of Service Vulnerability in Cisco ClamAV
Severity Level: High
Date: 23/01/2025
Ref: CERT-NCSOC-0228
Components Affected
- Cisco Secure Endpoint Connector for Linux versions prior to 1.25.1
- Cisco Secure Endpoint Connector for Mac versions prior to 1.24.4
- Cisco Secure Endpoint Connector for Windows versions prior to 7.5.20
- Cisco Secure Endpoint Connector for Windows versions prior to 8.4.3
- Cisco Secure Endpoint Private Cloud versions prior to 4.2.0
Overview
A vulnerability was identified in Cisco ClamAV that a remote attacker could exploit to trigger a denial of service condition on the targeted system.
Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption process of ClamAV could enable a remote, unauthenticated attacker to trigger a denial of service (DoS) on a vulnerable device. This issue arises from an integer underflow during a bounds check, leading to a heap buffer overflow read. By submitting a specially crafted file with OLE2 content to be scanned by ClamAV, an attacker could exploit this vulnerability. If successful, the attacker could disrupt the ClamAV scanning process, causing a DoS condition in the affected software.
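The bug class described above, an unsigned subtraction inside a bounds check that wraps around and lets an out-of-range read through, shown next to a hardened form. This is an added generic illustration, not ClamAV's code; the function names, buffer sizes and header values are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed check: "remaining" comes from an unsigned subtraction. When
 * offset > buf_len the result wraps to a huge value, so the check passes
 * and a later read would run past the end of the buffer. */
static int flawed_in_bounds(size_t buf_len, size_t offset, size_t want)
{
    size_t remaining = buf_len - offset;  /* wraps if offset > buf_len */
    return want <= remaining;
}

/* Hardened check: reject a bad offset before subtracting, so the
 * subtraction can never wrap. */
static int safe_in_bounds(size_t buf_len, size_t offset, size_t want)
{
    if (offset > buf_len)
        return 0;
    return want <= buf_len - offset;
}

/* Copy `want` bytes out of a parsed stream only when the hardened check
 * passes. Returns 0 on success, -1 when the fields are inconsistent. */
static int read_field(const uint8_t *buf, size_t buf_len,
                      size_t offset, size_t want, uint8_t *out)
{
    if (!safe_in_bounds(buf_len, offset, want))
        return -1;
    memcpy(out, buf + offset, want);
    return 0;
}

int main(void)
{
    uint8_t stream[32] = {0};      /* constructed sample data */
    uint8_t out[16];
    size_t offset = 40, want = 16; /* constructed: offset is past the end */

    printf("flawed check accepts: %d\n",
           flawed_in_bounds(sizeof stream, offset, want));
    printf("safe check accepts:   %d\n",
           safe_in_bounds(sizeof stream, offset, want));
    printf("read_field returns:   %d\n",
           read_field(stream, sizeof stream, offset, want, out));
    return 0;
}
```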
Impact
- Denial of Service
Solution/Workarounds
- Before installation of the software, please visit the vendor website for more details. Apply fixes issued by the vendor: Cisco Security Advisory
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.