What is CVE-2024-20328?

CVE-2024-20328 is a medium-severity vulnerability in Cisco Clamav, classified under OS Command Injection. CVSS score: 5.3/10. Published 2024-03-01.

How severe is CVE-2024-20328?

Medium severity. CVSS v3 base score is 5.3 out of 10.

RCE in Cisco Clamav

CVE-2024-20328

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacke…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (54.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Cisco Clamav — versions 1.2.0, 1.2.1

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

blog.clamav.net/2023/11/clamav-130-122-105-released.html

Frequently asked questions

What is CVE-2024-20328?: CVE-2024-20328 is a medium-severity vulnerability in Cisco Clamav, classified under OS Command Injection. CVSS score: 5.3/10. Published 2024-03-01.
How severe is CVE-2024-20328?: Medium severity. CVSS v3 base score is 5.3 out of 10.