ClamAV Gets a Check-Up: Cisco Patches Critical Vulnerability to Keep Crustaceans Safe

Share This Post

Cisco has released security updates to address a severe vulnerability that affects the ClamAV open source antivirus engine, which could lead to remote code execution on vulnerable devices. The flaw resides in the HFS+ file parser component and is tracked as CVE-2023-20032. Versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier are affected. Successful exploitation of the weakness could allow an attacker to run arbitrary code with the same privileges as that of the ClamAV scanning process, or crash the process, leading to a denial-of-service (DoS) condition. Cisco has also addressed a remote information leak vulnerability in ClamAV’s DMG file parser (CVE-2023-20052), which could be exploited by an unauthenticated, remote attacker. Cisco recommends that customers upgrade to ClamAV versions 0.103.8, 0.105.2, and 1.0.1 to address both vulnerabilities.

https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html

https://www.itnews.com.au/news/clamav-vulnerability-hits-cisco-security-software-591013



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.