Vulnerability Details : CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.
Products affected by CVE-2020-3350
- cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:*:*:*:*:*:mac_os:*:*
- cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints:*:*:*:*:*:linux:*:*
- cpe:2.3:a:cisco:clam_antivirus:*:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-3350
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-3350
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:P |
3.4
|
4.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
Cisco Systems, Inc. | |
6.3
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
1.0
|
5.2
|
NIST |
CWE ids for CVE-2020-3350
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2020-3350
-
https://usn.ubuntu.com/4435-2/
USN-4435-2: ClamAV vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://security.gentoo.org/glsa/202007-23
ClamAV: Multiple vulnerabilities (GLSA 202007-23) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/
[SECURITY] Fedora 32 Update: clamav-0.102.4-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/
[SECURITY] Fedora 31 Update: clamav-0.102.4-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4435-1/
USN-4435-1: ClamAV vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy
Cisco AMP for Endpoints and ClamAV Privilege Escalation VulnerabilityVendor Advisory
-
https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html
[SECURITY] [DLA 2314-1] clamav security updateMailing List;Third Party Advisory
Jump to