CVE-2024-20290

Description

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Cisco / Cisco Secure Endpoint6.0.9 – 6.0.9
Cisco / Cisco Secure Endpoint6.0.7 – 6.0.7
Cisco / Cisco Secure Endpoint6.1.5 – 6.1.5
Cisco / Cisco Secure Endpoint6.1.7 – 6.1.7
Cisco / Cisco Secure Endpoint6.1.9 – 6.1.9
Cisco / Cisco Secure Endpoint6.2.1 – 6.2.1
Cisco / Cisco Secure Endpoint6.2.5 – 6.2.5
Cisco / Cisco Secure Endpoint6.2.19 – 6.2.19
Cisco / Cisco Secure Endpoint6.2.3 – 6.2.3
Cisco / Cisco Secure Endpoint6.2.9 – 6.2.9
Cisco / Cisco Secure Endpoint6.3.5 – 6.3.5
Cisco / Cisco Secure Endpoint6.3.1 – 6.3.1
Cisco / Cisco Secure Endpoint6.3.7 – 6.3.7
Cisco / Cisco Secure Endpoint6.3.3 – 6.3.3
Cisco / Cisco Secure Endpoint7.0.5 – 7.0.5
Cisco / Cisco Secure Endpoint7.1.1 – 7.1.1
Cisco / Cisco Secure Endpoint7.1.5 – 7.1.5
Cisco / Cisco Secure Endpoint7.2.13 – 7.2.13
Cisco / Cisco Secure Endpoint7.2.7 – 7.2.7
Cisco / Cisco Secure Endpoint7.2.3 – 7.2.3
Cisco / Cisco Secure Endpoint7.2.11 – 7.2.11
Cisco / Cisco Secure Endpoint7.2.5 – 7.2.5
Cisco / Cisco Secure Endpoint7.3.1 – 7.3.1
Cisco / Cisco Secure Endpoint7.3.9 – 7.3.9
Cisco / Cisco Secure Endpoint7.3.3 – 7.3.3
Cisco / Cisco Secure Endpoint7.3.5 – 7.3.5
Cisco / Cisco Secure Endpoint8.1.7 – 8.1.7
Cisco / Cisco Secure Endpoint8.1.5 – 8.1.5
Cisco / Cisco Secure Endpoint8.1.3.21242 – 8.1.3.21242
Cisco / Cisco Secure Endpoint8.1.7.21512 – 8.1.7.21512
Cisco / Cisco Secure Endpoint8.1.3 – 8.1.3
Cisco / Cisco Secure Endpoint8.1.5.21322 – 8.1.5.21322
Cisco / Cisco Secure Endpoint8.1.7.21417 – 8.1.7.21417
Cisco / Cisco Secure Endpoint Private Cloud Administration PortalN/A – N/A
Cisco / Cisco Secure Endpoint Private Cloud ConsoleN/A – N/A

Description

CVSS breakdown

Affected products

References