Critical Vulnerability Information Vulnerability ID: cisco-sa-clamav-html-XAuOK8mR CVE Number: CVE-2022-20785 CWE Number: CWE-401 CVSS Score: Base Score 7.5 Risk Level: Medium Initial Release Date: May 4, 2022 Last Updated Date: December 15, 2022 Vulnerability Description: - The ClamAV HTML scanning library in versions 0.103.5 and earlier, and 0.104.2 and earlier, contains a memory leak vulnerability that could allow an unauthorized remote attacker to cause a denial-of-service condition on affected devices. Affected Products: - Cisco Secure Endpoint (formerly Advanced Malware Protection (AMP) for Endpoints, for Linux) - Cisco Secure Endpoint (formerly AMP for Endpoints, for Mac OS) - Cisco Secure Endpoint (formerly AMP for Endpoints, for Windows) Fixed Versions: - Secure Endpoint, for Linux: Versions 1.17.2, 1.18.0 - Secure Endpoint, for MacOS: Versions 1.16.3, 1.18.0 - Secure Endpoint, for Windows: Version 7.5.5 Products Not Affected by This Vulnerability: - Email Security Appliance (ESA) - Firepower Threat Defense (FTD) Software - Secure Email and Web Manager (formerly Security Management Appliance) - Web Security Appliance (WSA) Vulnerability Mitigation Recommendation: - It is recommended to consult the Cisco vulnerability ID listed in the Vulnerable Products section to obtain information about fixed software releases. Vulnerability Report Source: Michal Dardas