CVE-2024-20506
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | ClamAV | 1.4.0 | affected |
| Cisco | ClamAV | 1.3.2 | affected |
| Cisco | ClamAV | 1.0.6 | affected |
| Cisco | ClamAV | 1.0.5 | affected |
| Cisco | ClamAV | 1.0.4 | affected |
| Cisco | ClamAV | 1.0.3 | affected |
| Cisco | ClamAV | 1.0.2 | affected |
| Cisco | ClamAV | 1.0.1 | affected |
| Cisco | ClamAV | 1.0.0 | affected |
| Cisco | ClamAV | 1.2.x | affected |
| Cisco | ClamAV | 0.105.x | affected |
| Cisco | ClamAV | 0.104.x | affected |
| Cisco | ClamAV | 0.103.11 | affected |
| Cisco | ClamAV | 0.103.10 | affected |
| Cisco | ClamAV | 0.103.9 | affected |
| Cisco | ClamAV | 0.103.8 | affected |
| Cisco | ClamAV | 0.103.7 | affected |
| Cisco | ClamAV | 0.103.6 | affected |
| Cisco | ClamAV | 0.103.5 | affected |
| Cisco | ClamAV | 0.103.4 | affected |
| Cisco | ClamAV | 0.103.3 | affected |
| Cisco | ClamAV | 0.103.2 | affected |
| Cisco | ClamAV | 0.103.1 | affected |
| Cisco | ClamAV | 0.103.0 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.