CVE-2024-20506

Summary

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.

The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

Affected Software

VendorProductVersion RangeStatus
CiscoClamAV1.4.0affected
CiscoClamAV1.3.2affected
CiscoClamAV1.0.6affected
CiscoClamAV1.0.5affected
CiscoClamAV1.0.4affected
CiscoClamAV1.0.3affected
CiscoClamAV1.0.2affected
CiscoClamAV1.0.1affected
CiscoClamAV1.0.0affected
CiscoClamAV1.2.xaffected
CiscoClamAV0.105.xaffected
CiscoClamAV0.104.xaffected
CiscoClamAV0.103.11affected
CiscoClamAV0.103.10affected
CiscoClamAV0.103.9affected
CiscoClamAV0.103.8affected
CiscoClamAV0.103.7affected
CiscoClamAV0.103.6affected
CiscoClamAV0.103.5affected
CiscoClamAV0.103.4affected
CiscoClamAV0.103.3affected
CiscoClamAV0.103.2affected
CiscoClamAV0.103.1affected
CiscoClamAV0.103.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References