CVE-2023-20212

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 18, 2023
Updated: Jan 25, 2024
CWE ID 825

Summary

CVE-2023-20212 is a newly disclosed vulnerability in the AutoIt module of ClamAV. A logic error in memory management allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. An attacker can exploit the flaw by submitting a specially crafted AutoIt file to be scanned by ClamAV, which causes the scanning process to restart unexpectedly and results in a DoS condition. The vulnerability poses a significant risk to systems running ClamAV and requires immediate attention from administrators to mitigate the threat.


Affected Products

  • Cisco Secure Endpoint

Affected Vendors

  • Cisco Systems Inc