Vulnerability Details CVE-2020-26893
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2020-26893
-
cpe:2.3:a:clamxav:clamxav:3.0.0
-
cpe:2.3:a:clamxav:clamxav:3.0.1
-
cpe:2.3:a:clamxav:clamxav:3.0.10
-
cpe:2.3:a:clamxav:clamxav:3.0.11
-
cpe:2.3:a:clamxav:clamxav:3.0.12
-
cpe:2.3:a:clamxav:clamxav:3.0.14
-
cpe:2.3:a:clamxav:clamxav:3.0.15
-
cpe:2.3:a:clamxav:clamxav:3.0.2
-
cpe:2.3:a:clamxav:clamxav:3.0.3
-
cpe:2.3:a:clamxav:clamxav:3.0.4
-
cpe:2.3:a:clamxav:clamxav:3.0.5
-
cpe:2.3:a:clamxav:clamxav:3.0.6
-
cpe:2.3:a:clamxav:clamxav:3.0.7
-
cpe:2.3:a:clamxav:clamxav:3.0.8
-
cpe:2.3:a:clamxav:clamxav:3.0.9
-
cpe:2.3:a:clamxav:clamxav:3.1