Cyber Resilience

CVE-2022-20770

High

Published: 04 May 2022

Published
04 May 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0086 75.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-20770 is a high-severity an unspecified weakness vulnerability in Cisco Secure Endpoint. Its CVSS base score is 8.6 (High).

Operationally, ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5…

more

and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

clamav
clamav
≤ 0.103.5 · 0.104.0 — 0.104.2
cisco
secure endpoint
≤ 1.16.3 · ≤ 1.17.2 · ≤ 7.5.5
fedoraproject
fedora
34, 35, 36
debian
debian linux
9.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References