Denial of Service Vulnerability in ClamAV on Cisco Appliances
CVE-2016-1405

7.5HIGH

Key Information:

Vendor

Clamav

Status
Clamav
Email Security Appliance
Web Security Appliance
Vendor
CVE Published:
8 June 2016

What is CVE-2016-1405?

The libclamav component of ClamAV, utilized in Cisco's Advanced Malware Protection (AMP), is susceptible to a denial of service condition. This vulnerability can be exploited by remote attackers using specially crafted documents, causing the AMP process to restart. This issue affects specific versions of Cisco Email Security Appliances and Web Security Appliances, highlighting the need for timely updates to secure systems against such disruptions.

References

http://www.securityfocus.com/bid/90968
vdb-entryx_refsource_BID
https://github.com/vrtadmin/clamav-devel/blob/master/Chan...
x_refsource_MISC
http://www.ubuntu.com/usn/USN-3093-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.