Cisco ClamAV Denial of Service Vulnerability

Release Date: 23 Jan 2025 2054 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability was identified in Cisco ClamAV. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

Note:

Proof Of Concept Exploit Code Is Publicly Available for CVE-2025-20128. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.

Impact

Denial of Service

System / Technologies affected

Cisco Secure Endpoint Connector for Linux versions prior to 1.25.1
Cisco Secure Endpoint Connector for Mac versions prior to 1.24.4
Cisco Secure Endpoint Connector for Windows versions prior to 7.5.20
Cisco Secure Endpoint Connector for Windows versions prior to 8.4.3
Cisco Secure Endpoint Private Cloud versions prior to 4.2.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Vulnerability Identifier

CVE-2025-20128

Source

Cisco

Related Link

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Related Tags

Share with

Google Chrome Multiple Vulnerabilities

23 Jan 2025 1726 Views

GitLab Multiple Vulnerabilities

24 Jan 2025 1491 Views