Sign-up

ID

VAR-202006-1143


CVE

CVE-2020-3350


TITLE

Cisco AMP for Endpoints and Clam AntiVirus Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006926

DESCRIPTION

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. Cisco AMP for Endpoints is a set of terminal applications from Cisco, which integrates static and dynamic malware analysis and threat intelligence. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ========================================================================= Ubuntu Security Notice USN-4435-2 July 27, 2020 clamav vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4435-2 https://usn.ubuntu.com/4435-1 CVE-2020-3327, CVE-2020-3350, CVE-2020-3481

Trust: 1.89

sources: NVD: CVE-2020-3350 // JVNDB: JVNDB-2020-006926 // VULHUB: VHN-181475 // PACKETSTORM: 158624 // PACKETSTORM: 158626

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:ciscomodel:advanced malware protection for endpointsscope:ltversion:1.12.4

Trust: 1.0

vendor:ciscomodel:clam antivirusscope:ltversion:0.102.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:ciscomodel:amp for endpointsscope: - version: -

Trust: 0.8

vendor:ciscomodel:clam antivirusscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006926 // NVD: CVE-2020-3350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3350
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3350
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006926
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1135
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181475
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3350
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006926
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181475
severity: LOW
baseScore: 3.3
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3350
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3350
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006926
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // CNNVD: CNNVD-202006-1135 // NVD: CVE-2020-3350 // NVD: CVE-2020-3350

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-181475 // JVNDB: JVNDB-2020-006926 // NVD: CVE-2020-3350

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1135

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1135

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006926

PATCH
title:cisco-sa-famp-ZEpdXyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy
Trust: 0.8
title:Cisco AMP for Endpoints  and Clam AntiVirus Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121828
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006926 // 
            
            
            
            CNNVD: CNNVD-202006-1135

EXTERNAL IDS
db:NVDid:CVE-2020-3350
Trust: 2.7
db:PACKETSTORMid:158626
Trust: 0.8
db:JVNDBid:JVNDB-2020-006926
Trust: 0.8
db:CNNVDid:CNNVD-202006-1135
Trust: 0.7
db:NSFOCUSid:48960
Trust: 0.6
db:AUSCERTid:ESB-2020.4350
Trust: 0.6
db:AUSCERTid:ESB-2020.2114
Trust: 0.6
db:AUSCERTid:ESB-2021.0056
Trust: 0.6
db:AUSCERTid:ESB-2020.4540
Trust: 0.6
db:AUSCERTid:ESB-2020.2558
Trust: 0.6
db:AUSCERTid:ESB-2020.4412
Trust: 0.6
db:AUSCERTid:ESB-2020.2704
Trust: 0.6
db:PACKETSTORMid:158454
Trust: 0.6
db:PACKETSTORMid:158624
Trust: 0.2
db:VULHUBid:VHN-181475
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181475 // 
            
            
            
            JVNDB: JVNDB-2020-006926 // 
            
            
            
            PACKETSTORM: 158624 // 
            
            
            
            PACKETSTORM: 158626 // 
            
            
            
            CNNVD: CNNVD-202006-1135 // 
            
            
            
            NVD: CVE-2020-3350

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-famp-zepdxy
Trust: 2.3
url:https://security.gentoo.org/glsa/202007-23
Trust: 1.7
url:https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html
Trust: 1.7
url:https://usn.ubuntu.com/4435-1/
Trust: 1.7
url:https://usn.ubuntu.com/4435-2/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3350
Trust: 1.6
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/
Trust: 1.0
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3350
Trust: 0.8
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/
Trust: 0.7
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/
Trust: 0.7
url:https://www.auscert.org.au/bulletins/esb-2020.4350/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.4412/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2114/
Trust: 0.6
url:https://packetstormsecurity.com/files/158454/clam-antivirus-toolkit-0.102.4.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.4540/
Trust: 0.6
url:https://vigilance.fr/vulnerability/clamav-three-vulnerabilities-32863
Trust: 0.6
url:https://packetstormsecurity.com/files/158626/ubuntu-security-notice-usn-4435-2.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2558/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2704/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.0056/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48960
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-3481
Trust: 0.2
url:https://usn.ubuntu.com/4435-1
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-3327
Trust: 0.2
url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.18.04.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.20.04.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.16.04.1
Trust: 0.1
url:https://usn.ubuntu.com/4435-2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181475 // 
            
            
            
            JVNDB: JVNDB-2020-006926 // 
            
            
            
            PACKETSTORM: 158624 // 
            
            
            
            PACKETSTORM: 158626 // 
            
            
            
            CNNVD: CNNVD-202006-1135 // 
            
            
            
            NVD: CVE-2020-3350

CREDITS
Ubuntu
Trust: 0.8
sources:
            
            
            PACKETSTORM: 158624 // 
            
            
            
            PACKETSTORM: 158626 // 
            
            
            
            CNNVD: CNNVD-202006-1135

SOURCES
db:VULHUBid:VHN-181475
db:JVNDBid:JVNDB-2020-006926
db:PACKETSTORMid:158624
db:PACKETSTORMid:158626
db:CNNVDid:CNNVD-202006-1135
db:NVDid:CVE-2020-3350

LAST UPDATE DATE
2024-08-14T12:36:04.404000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181475date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2020-006926date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1135date:2021-01-07T00:00:00
db:NVDid:CVE-2020-3350date:2023-11-07T03:22:37.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-181475date:2020-06-18T00:00:00
db:JVNDBid:JVNDB-2020-006926date:2020-07-22T00:00:00
db:PACKETSTORMid:158624date:2020-07-27T18:46:40
db:PACKETSTORMid:158626date:2020-07-27T18:46:49
db:CNNVDid:CNNVD-202006-1135date:2020-06-17T00:00:00
db:NVDid:CVE-2020-3350date:2020-06-18T03:15:14.027