
Cisco Secure Endpoint Critical Vulnerabilities – ClamAV

Multiple Cisco products affected by ClamAV critical vulnerability


Security Advisory

Cisco released a security advisory on 15th February, updated 17th February, for a Critical severity vulnerability relating to the ClamAV scanning library in multiple Secure Endpoint products and in Secure Web Appliance. CVSS 3.1: 9.8.

The vulnerability exists in the HFS+ partition file parser of multiple ClamAV versions. An attacker could craft a malicious file, submit it to ClamAV for scanning, and execute code with the privileges of the ClamAV process (presumably as SYSTEM), or crash ClamAV.

A further description of the vulnerability is available at the ClamAV blog.

Secure Endpoint, formerly known as Advanced Malware Protection (AMP/AMP for Endpoints), is an Endpoint Detection and Response (EDR) application for Windows, Linux, and macOS.

If you manage your own Secure Endpoint clients then all endpoints should be updated ASAP.

Vulnerable Products

The following Cisco products are vulnerable:

  • Secure Endpoint for Windows
    • < 7.5.9
    • < 8.1.5
  • Secure Endpoint for Linux
    • < 1.20.2
  • Secure Endpoint for macOS
    • < 1.21.1
  • Secure Endpoint Private Cloud
    • < 3.6.0
  • Secure Web Appliance
    • < 12.5.6
    • < 14.0.4-005
    • < 14.5.1-013
    • < 15.0.0-254
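Reading the list above literally ("< 7.5.9" and "< 8.1.5" are two release trains, not one threshold) matters when checking an inventory: a Windows endpoint on 7.5.9 is fixed even though 7.5.9 is numerically below 8.1.5. The script below is an added example, not Cisco's own tooling. It encodes the fixed releases exactly as the bulletin lists them, works out the release train of each product from the shortest version prefix that tells its fixed releases apart (major for Secure Endpoint for Windows, major.minor for Secure Web Appliance), and flags hosts whose installed version is older than the fix on its train. Hostnames, the CSV inventory layout and the numeric comparison of Secure Web Appliance build suffixes such as "-005" are assumptions made for the example; a train the bulletin does not list (for instance a 13.x appliance) is reported for manual follow-up rather than judged.

```python
import re
from typing import Optional

# Fixed releases exactly as listed in the bulletin above; a version older
# than the fix on the same release train is affected.
FIXED_VERSIONS = {
    "Secure Endpoint for Windows": ["7.5.9", "8.1.5"],
    "Secure Endpoint for Linux": ["1.20.2"],
    "Secure Endpoint for macOS": ["1.21.1"],
    "Secure Endpoint Private Cloud": ["3.6.0"],
    "Secure Web Appliance": ["12.5.6", "14.0.4-005", "14.5.1-013", "15.0.0-254"],
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+))?$")


def parse_version(text: str) -> tuple:
    """Turn '14.0.4-005' into the comparable tuple (14, 0, 4, 5).

    Dotted components are padded to three places. A missing build suffix
    (the part after '-') counts as build 0, so '14.0.4' sorts before
    '14.0.4-005'. Assumption: Cisco build suffixes compare numerically.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    build = int(m.group(2)) if m.group(2) else 0
    return tuple(parts[:3]) + (build,)


def _train_length(fixed: list) -> int:
    """Shortest prefix length that distinguishes the listed fixed releases:
    1 for 7.5.9 / 8.1.5, 2 for 14.0.4-005 / 14.5.1-013."""
    parsed = [parse_version(f) for f in fixed]
    for n in range(1, 4):
        if len({v[:n] for v in parsed}) == len(parsed):
            return n
    return 3


def assess(product: str, installed: str) -> Optional[bool]:
    """True if `installed` is older than the fix on its release train,
    False if it is at or above the fix, None if the train is not listed."""
    fixed = FIXED_VERSIONS[product]
    n = _train_length(fixed)
    inst = parse_version(installed)
    for f in fixed:
        fv = parse_version(f)
        if fv[:n] == inst[:n]:
            return inst < fv
    return None


# Constructed sample inventory (host, product, installed version);
# the hostnames and versions are made up for this example.
SAMPLE_INVENTORY = """\
ws-0101,Secure Endpoint for Windows,7.5.8
ws-0102,Secure Endpoint for Windows,8.1.5
srv-lx-07,Secure Endpoint for Linux,1.19.4
mac-044,Secure Endpoint for macOS,1.21.1
swa-edge-1,Secure Web Appliance,14.0.4
swa-edge-2,Secure Web Appliance,13.0.0
"""


def affected_hosts(inventory_csv: str) -> list:
    """Return (host, product, version, verdict) for every host that is
    affected, plus hosts on a train the bulletin does not cover."""
    rows = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = [c.strip() for c in line.split(",", 2)]
        verdict = assess(product, version)
        if verdict is None:
            rows.append((host, product, version, "not listed - verify manually"))
        elif verdict:
            rows.append((host, product, version, "UPDATE REQUIRED"))
    return rows


if __name__ == "__main__":
    for row in affected_hosts(SAMPLE_INVENTORY):
        print("{:<12} {:<32} {:<12} {}".format(*row))
```

Run against a real export, the only thing to change is the inventory string; keeping the fixed-release table separate from the comparison logic means a later update to the bulletin is a one-line edit rather than a rewrite of the check.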