Details of VAR-202104-0465

ID

VAR-202104-0465

CVE

CVE-2021-1386

TITLE

ClamAV Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

DESCRIPTION

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ClamAV (Clam AntiVirus) is a set of free and open source antivirus software from the Clamav team. This software is used to detect Trojans, viruses, malware, and other malicious threats

Trust: 1.62

sources: NVD: CVE-2021-1386 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374440 // VULMON: CVE-2021-1386

AFFECTED PRODUCTS

vendor:	cisco	model:	immunet	scope:	lt	version:	7.4.0	Trust: 1.0
vendor:	cisco	model:	advanced malware protection for endpoints	scope:	lt	version:	7.3.15	Trust: 1.0
vendor:	cisco	model:	clamav	scope:	lt	version:	0.103.2	Trust: 1.0

sources: NVD: CVE-2021-1386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1386
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1386
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-439
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374440
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1386
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1386
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374440
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1386
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1386
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386 // NVD: CVE-2021-1386

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.1

sources: VULHUB: VHN-374440 // NVD: CVE-2021-1386

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

PATCH

title:	ClamAV Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147021	Trust: 0.6
title:	Debian CVElist Bug Report Logs: ClamAV 0.103.2 security patch release	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=720c0e9e7dda9bfb798ad333a90ddef1	Trust: 0.1
title:	Cisco: Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-amp-imm-dll-tu79hvkO	Trust: 0.1

sources: VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1386	Trust: 1.8
db:	PACKETSTORM	id:	162121	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1166	Trust: 0.6
db:	CS-HELP	id:	SB2021041368	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-439	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-374440	Trust: 0.1
db:	VULMON	id:	CVE-2021-1386	Trust: 0.1

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-amp-imm-dll-tu79hvko	Trust: 2.5
url:	https://vigilance.fr/vulnerability/clamav-for-windows-executing-dll-code-35022	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1386	Trust: 0.6
url:	https://packetstormsecurity.com/files/162121/clam-antivirus-toolkit-0.103.2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1166	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041368	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/427.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622	Trust: 0.1

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386

CREDITS

Tomasz Kojm

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

SOURCES

db:	VULHUB	id:	VHN-374440
db:	VULMON	id:	CVE-2021-1386
db:	CNNVD	id:	CNNVD-202104-439
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-1386

LAST UPDATE DATE

2024-08-14T12:32:15.710000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374440	date:	2021-04-19T00:00:00
db:	VULMON	id:	CVE-2021-1386	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-439	date:	2021-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-1386	date:	2023-11-07T03:28:09.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374440	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-1386	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-439	date:	2021-04-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1386	date:	2021-04-08T04:15:12.343