ClamAV DMG Parser XML External Entity Injection Before 1.0.0
CVE-2023-20052 Published on March 1, 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Vulnerability Analysis
CVE-2023-20052 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2023-20052 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2023-20052
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20052 are published in these products:
Affected Versions
Cisco Secure Endpoint:- Version 6.0.9 is affected.
- Version 6.0.7 is affected.
- Version 6.1.5 is affected.
- Version 6.1.7 is affected.
- Version 6.1.9 is affected.
- Version 6.2.1 is affected.
- Version 6.2.5 is affected.
- Version 6.2.19 is affected.
- Version 6.2.9 is affected.
- Version 6.3.5 is affected.
- Version 6.3.1 is affected.
- Version 6.3.7 is affected.
- Version 6.3.3 is affected.
- Version 7.0.5 is affected.
- Version 7.1.1 is affected.
- Version 7.1.5 is affected.
- Version 1.12.1 is affected.
- Version 1.12.2 is affected.
- Version 1.12.5 is affected.
- Version 1.12.0 is affected.
- Version 1.12.6 is affected.
- Version 1.12.3 is affected.
- Version 1.12.7 is affected.
- Version 1.12.4 is affected.
- Version 1.13.0 is affected.
- Version 1.13.1 is affected.
- Version 1.13.2 is affected.
- Version 1.11.0 is affected.
- Version 1.10.2 is affected.
- Version 1.10.1 is affected.
- Version 1.10.0 is affected.
- Version 1.14.0 is affected.
- Version 1.6.0 is affected.
- Version 1.9.0 is affected.
- Version 1.9.1 is affected.
- Version 1.8.1 is affected.
- Version 1.8.0 is affected.
- Version 1.8.4 is affected.
- Version 1.7.0 is affected.
- Version 7.2.13 is affected.
- Version 7.2.7 is affected.
- Version 7.2.3 is affected.
- Version 7.2.11 is affected.
- Version 7.2.5 is affected.
- Version 7.3.3 is affected.
- Version 7.3.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.