XML External Entity Injection in ClamAV Scanning Library
CVE-2023-20052

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Endpoint
Vendor: CVE Published:; 1 March 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability in the DMG file parser of ClamAV allows unauthenticated remote attackers to exploit XML entity substitution. This flaw enables attackers to submit a crafted DMG file for scanning, potentially leading to the leakage of sensitive information from files accessed during the scanning process. The affected versions include ClamAV 1.0.0 and earlier, as well as 0.105.1 and 0.103.7 and earlier.

Affected Version(s)

Cisco Secure Endpoint 6.0.9

Cisco Secure Endpoint 6.0.7

Cisco Secure Endpoint 6.1.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-20052
Created by nokn0wthing

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jul 19, 2023
👾
Exploit known to exist
Jul 19, 2023
Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Oct 27, 2022