7.8

CVE-2020-26893

EPSS 0.03%
Veröffentlicht 16.10.2020 13:15:11
Zuletzt bearbeitet 21.11.2024 05:20:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clamxav ≫ Clamxav Version >= 3.0.0 < 3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.042

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://gist.github.com/matt-clamxav/d341bd48f12a14d2147f8ce860bb36d0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26893

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26893

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26893

EUVD