ID

VAR-202104-0465


CVE

CVE-2021-1386


TITLE

ClamAV Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

DESCRIPTION

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. ClamAV (Clam AntiVirus) is free and open source antivirus software from the ClamAV team, used to detect Trojans, viruses, malware, and other malicious threats.

Trust: 1.62

sources: NVD: CVE-2021-1386 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374440 // VULMON: CVE-2021-1386

AFFECTED PRODUCTS

vendor: cisco / model: immunet / scope: lt (affected versions earlier than) / version: 7.4.0

Trust: 1.0

vendor: cisco / model: advanced malware protection for endpoints / scope: lt (affected versions earlier than) / version: 7.3.15

Trust: 1.0

vendor: cisco / model: clamav / scope: lt (affected versions earlier than) / version: 0.103.2

Trust: 1.0

sources: NVD: CVE-2021-1386
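As an added example for a practitioner (this is not part of the advisory, the NVD record, or any Cisco or ClamAV tooling), the PowerShell below checks a Windows host against the fixed versions listed in the affected products above, and then audits the directories a SYSTEM service would search when loading a DLL by name, since the description gives insufficient validation of the directory search path as the root cause. The version thresholds are the NVD ones; the install directories and the registry display-name patterns are assumptions and may need adjusting for a given deployment.

```powershell
# Added example, not vendor code. Audits a Windows host for CVE-2021-1386 exposure:
#  1. installed product versions against the fixed releases from the NVD record;
#  2. write access for low-privilege principals on directories in the DLL search path.

# Fixed versions (NVD scope "lt": anything below these is affected).
$Fixed = @{
    'Cisco AMP for Endpoints Connector' = [version]'7.3.15'   # display-name pattern is an ASSUMPTION
    'ClamAV'                            = [version]'0.103.2'  # display-name pattern is an ASSUMPTION
    'Immunet'                           = [version]'7.4.0'    # display-name pattern is an ASSUMPTION
}

# ASSUMED default install locations; adjust to match the host.
$InstallDirs = @(
    "$env:ProgramFiles\Cisco\AMP",
    "$env:ProgramFiles\ClamAV",
    "$env:ProgramFiles\Immunet"
)

# Principals that must never be able to create files in a directory a SYSTEM service loads DLLs from.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Rights that allow planting a DLL (CreateFiles is the WriteData bit on a directory).
$WriteMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Modify, FullControl'

function Get-InstalledProducts {
    # Read the uninstall keys (64- and 32-bit views) rather than Win32_Product,
    # which is slow and triggers MSI reconfiguration on every query.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-AffectedVersion {
    param([string]$DisplayName, [string]$DisplayVersion)
    foreach ($name in $Fixed.Keys) {
        if ($DisplayName -like "*$name*") {
            $v = $null
            if ([version]::TryParse($DisplayVersion, [ref]$v)) {
                return [pscustomobject]@{
                    Product  = $DisplayName
                    Version  = $v
                    Fixed    = $Fixed[$name]
                    Affected = ($v -lt $Fixed[$name])
                }
            }
        }
    }
    return $null
}

function Test-LowPrivWritable {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $acl  = Get-Acl -LiteralPath $Path
    $hits = foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (($rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }   # unresolvable or orphaned SID: skip rather than misreport
        if ($LowPrivSids -contains $sid) { $rule.IdentityReference.Value }
    }
    [pscustomobject]@{ Path = $Path; WritableBy = @($hits); Exposed = (@($hits).Count -gt 0) }
}

# 1. Version check: any row with Affected = True needs the fixed release installed.
Get-InstalledProducts |
    ForEach-Object { Test-AffectedVersion $_.DisplayName $_.DisplayVersion } |
    Where-Object { $_ } | Format-Table -AutoSize

# 2. Search-path check: the application directory and every PATH entry are consulted
#    for DLLs not loaded by absolute path, so none should be writable by non-administrators.
$dirs = $InstallDirs + ($env:Path -split ';' | Where-Object { $_ })
$dirs | Sort-Object -Unique |
    ForEach-Object { Test-LowPrivWritable $_ } |
    Where-Object { $_ -and $_.Exposed } | Format-Table -AutoSize
```

Run it from an elevated prompt so Get-Acl can read every directory. A hit in the second check is a necessary condition for the DLL-planting step the description mentions, not proof that this particular product will load from that directory; the fix for the CVE itself is the upgrade, and a low-privilege-writable directory on PATH is a hardening finding in its own right regardless of which product is installed.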

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1386
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1386
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-439
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374440
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1386
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1386
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374440
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1386
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1386
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

sources: VULHUB: VHN-374440 // NVD: CVE-2021-1386

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

PATCH

title: ClamAV Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147021

Trust: 0.6

title: Debian CVElist Bug Report Logs: ClamAV 0.103.2 security patch release
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=720c0e9e7dda9bfb798ad333a90ddef1

Trust: 0.1

title: Cisco: Cisco Advanced Malware Protection for Endpoints Windows Connector, ClamAV for Windows, and Immunet DLL Hijacking Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-amp-imm-dll-tu79hvkO

Trust: 0.1

sources: VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439

EXTERNAL IDS

db: NVD / id: CVE-2021-1386

Trust: 1.8

db: PACKETSTORM / id: 162121

Trust: 0.6

db: AUSCERT / id: ESB-2021.1166

Trust: 0.6

db: CS-HELP / id: SB2021041368

Trust: 0.6

db: CNNVD / id: CNNVD-202104-439

Trust: 0.6

db: CS-HELP / id: SB2021041363

Trust: 0.6

db: CNNVD / id: CNNVD-202104-975

Trust: 0.6

db: VULHUB / id: VHN-374440

Trust: 0.1

db: VULMON / id: CVE-2021-1386

Trust: 0.1

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-amp-imm-dll-tu79hvko

Trust: 2.5

url:https://vigilance.fr/vulnerability/clamav-for-windows-executing-dll-code-35022

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1386

Trust: 0.6

url:https://packetstormsecurity.com/files/162121/clam-antivirus-toolkit-0.103.2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1166

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041368

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

Trust: 0.1

sources: VULHUB: VHN-374440 // VULMON: CVE-2021-1386 // CNNVD: CNNVD-202104-439 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1386

CREDITS

Tomasz Kojm

Trust: 0.6

sources: CNNVD: CNNVD-202104-439

SOURCES

db: VULHUB / id: VHN-374440
db: VULMON / id: CVE-2021-1386
db: CNNVD / id: CNNVD-202104-439
db: CNNVD / id: CNNVD-202104-975
db: NVD / id: CVE-2021-1386

LAST UPDATE DATE

2024-08-14T12:32:15.710000+00:00


SOURCES UPDATE DATE

db: VULHUB / id: VHN-374440 / date: 2021-04-19T00:00:00
db: VULMON / id: CVE-2021-1386 / date: 2021-04-19T00:00:00
db: CNNVD / id: CNNVD-202104-439 / date: 2021-04-20T00:00:00
db: CNNVD / id: CNNVD-202104-975 / date: 2021-04-14T00:00:00
db: NVD / id: CVE-2021-1386 / date: 2023-11-07T03:28:09.800

SOURCES RELEASE DATE

db: VULHUB / id: VHN-374440 / date: 2021-04-08T00:00:00
db: VULMON / id: CVE-2021-1386 / date: 2021-04-08T00:00:00
db: CNNVD / id: CNNVD-202104-439 / date: 2021-04-07T00:00:00
db: CNNVD / id: CNNVD-202104-975 / date: 2021-04-13T00:00:00
db: NVD / id: CVE-2021-1386 / date: 2021-04-08T04:15:12.343