Components Affected
• Cisco Secure Endpoint Connector for Linux versions prior to 1.25.1
• Cisco Secure Endpoint Connector for Mac versions prior to 1.24.4
• Cisco Secure Endpoint Connector for Windows versions prior to 7.5.20
• Cisco Secure Endpoint Connector for Windows versions prior to 8.4.3
• Cisco Secure Endpoint Private Cloud versions prior to 4.2.0
Overview
A vulnerability was identified in Cisco ClamAV that a remote attacker could exploit to trigger a denial of service condition on the targeted system.
Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption process of ClamAV could enable a remote, unauthenticated attacker to trigger a denial of service (DoS) on a vulnerable device. This issue arises from an integer underflow during a bounds check, leading to a heap buffer overflow read. By submitting a specially crafted file with OLE2 content to be scanned by ClamAV, an attacker could exploit this vulnerability. If successful, the attacker could disrupt the ClamAV scanning process, causing a DoS condition in the affected software.
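The bug class described above (an unsigned subtraction that wraps inside a bounds check, so an oversized length is accepted and a later read runs past the heap buffer), shown beside a hardened check. This is an added example, not ClamAV's code or the vendor's; the record layout, `HDR_LEN`, the sample buffer and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (not ClamAV's): HDR_LEN header bytes, then a payload
 * whose length is declared inside the untrusted file. */
#define HDR_LEN 8u

/* Constructed sample input: 8-byte header followed by 16 payload bytes. */
static const uint8_t sample[24] = {0};
static uint8_t scratch[16];

/* Flawed check: if buf_len < HDR_LEN, the unsigned subtraction wraps to a
 * huge value, so an oversized declared_len is accepted. */
int check_flawed(size_t buf_len, uint32_t declared_len)
{
    return declared_len <= buf_len - HDR_LEN;
}

/* Hardened check: reject short buffers before subtracting. */
int check_hardened(size_t buf_len, uint32_t declared_len)
{
    if (buf_len < HDR_LEN)
        return 0;
    return declared_len <= buf_len - HDR_LEN;
}

/* Copies the payload only when the hardened check passes.
 * Returns the number of bytes copied, or -1 if the input is rejected. */
long copy_payload(const uint8_t *buf, size_t buf_len, uint32_t declared_len,
                  uint8_t *out, size_t out_len)
{
    if (!check_hardened(buf_len, declared_len) || declared_len > out_len)
        return -1;
    memcpy(out, buf + HDR_LEN, declared_len);
    return (long)declared_len;
}

int main(void)
{
    /* Truncated 4-byte input that claims a 16-byte payload. */
    printf("flawed accepts:   %d\n", check_flawed(4, 16));
    printf("hardened accepts: %d\n", check_hardened(4, 16));
    printf("valid copy:       %ld\n",
           copy_payload(sample, sizeof sample, 16, scratch, sizeof scratch));
    return 0;
}
```

The flawed function only evaluates the comparison and never performs the read, so the program is safe to run as written.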
Impact
• Denial of Service
Solution/Workarounds
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
• ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
Reference
• Cisco ClamAV Denial of Service Vulnerability
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind