CVE-2023-20212
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.
Una vulnerabilidad en el módulo AutoIt de ClamAV podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un error lógico en la gestión de memoria de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad enviando un archivo AutoIt manipulado para ser escaneado por ClamAV en el dispositivo afectado. Un exploit exitoso podría permitir al atacante causar que el proceso de escaneo de ClamAV se reinicie inesperadamente, resultando en una condición de DoS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-27 CVE Reserved
- 2023-08-18 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-825: Expired Pointer Dereference
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Secure Endpoint Search vendor "Cisco" for product "Secure Endpoint" | < 8.1.7.21585 Search vendor "Cisco" for product "Secure Endpoint" and version " < 8.1.7.21585" | linux |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Endpoint Private Cloud Search vendor "Cisco" for product "Secure Endpoint Private Cloud" | < 3.8.0 Search vendor "Cisco" for product "Secure Endpoint Private Cloud" and version " < 3.8.0" | - |
Affected
|