CVE-2020-3350

2020-06-1803:15:14

Google

osv.dev

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

CPENameOperatorVersion
clamaveq0.96.5-r0
clamaveq0.100.3-r0
clamaveq0.102.2-r0
clamaveq0.96.2-r0
clamaveq0.95.1-r0
clamaveq0.95.3-r1
clamaveq0.97.6-r0
clamaveq0.98.5-r0
clamaveq0.94.2-r1
clamaveq0.99-r3

Name	Operator	Version
clamav	eq	0.96.5-r0
clamav	eq	0.100.3-r0
clamav	eq	0.102.2-r0
clamav	eq	0.96.2-r0
clamav	eq	0.95.1-r0
clamav	eq	0.95.3-r1
clamav	eq	0.97.6-r0
clamav	eq	0.98.5-r0
clamav	eq	0.94.2-r1
clamav	eq	0.99-r3