Home

CVE-2020-3350

Description

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Risk Information

Base Score
6.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.131

Associated Vulnerability

VulnerabilityOS Platform
Anti-virus utility for Unix (USN-4435-1) clamav_0.102.4+dfsg-0ubuntu0.16.04.1_i386.debLinux
Anti-virus utility for Unix (USN-4435-1) clamav_0.102.4+dfsg-0ubuntu0.16.04.1_amd64.debLinux
Anti-virus utility for Unix (USN-4435-1) clamav_0.102.4+dfsg-0ubuntu0.18.04.1_i386.debLinux
Anti-virus utility for Unix (USN-4435-1) clamav_0.102.4+dfsg-0ubuntu0.18.04.1_amd64.debLinux
Anti-virus utility for Unix (USN-4435-1) clamav_0.102.4+dfsg-0ubuntu0.20.04.1_amd64.debLinux
SUSE-SU-2020:3729-1(SUSE Linux Enterprise Server 12-SP5 ) clamav-0.103.0-3.3.1.x86_64.rpmLinux
SUSE-SU-2020:3729-1(SUSE Linux Enterprise Server 12-SP5 ) clamav-debuginfo-0.103.0-3.3.1.x86_64.rpmLinux
SUSE-SU-2020:3729-1(SUSE Linux Enterprise Server 12-SP5 ) clamav-debugsource-0.103.0-3.3.1.x86_64.rpmLinux
Anti-virus utility for Unix (USN-4435-2) clamav_0.102.4+dfsg-0ubuntu0.12.04.1_i386.debLinux
Anti-virus utility for Unix (USN-4435-2) clamav_0.102.4+dfsg-0ubuntu0.12.04.1_amd64.debLinux
Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability For Cisco Secure EndpointNCM
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability (CVE-2020-3350)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706018Security Update for Cisco Secure Endpoint 5.0(1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234