BDU:2022-02932

BDU

High

Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP…

CVSS

7.5

High

EPSS

0.00

Published

2022-01-01

Updated

2022-01-01

Description

Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP для конечных устройств связана с ошибками освобождения памяти при синтаксическом анализе HTML-файлов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Tags · CWE

Pre-auth

Affected products

Cisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpointsCisco systems inc. Cisco amp for endpoints

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

2022-01-01

Published

2022-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Cisco

Clam Antivirus Cisco Amp For Endpoints

Product	Vendor	Status
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked
cisco amp for endpoints	cisco systems inc.	Tracked

Showing first 20 of 63

Source databases

BDU

Related vulnerabilities

CVE-2022-20785

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20785@https://bugzilla.redhat.com/show_bug.cgi?id=2082206@https://nvd.nist.gov/vuln/detail/CVE-2022-20785@https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR@https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html@https://bodhi.fedoraproject.org/updates/FEDORA-2022-b8691af27b@https://bodhi.fedoraproject.org/updates/FEDORA-2022-0ac71a8f3a@https://bodhi.fedoraproject.org/updates/FEDORA-2022-a910a41a17@https://bugzilla.redhat.com/show_bug.cgi?id=2082208@https://goslinux.fssp.gov.ru/2726972/@https://altsp.su/obnovleniya-bezopasnosti/@https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2285