Privilege Escalation Vulnerability in ClamXAV 3 Helper Tool

Privilege Escalation Vulnerability in ClamXAV 3 Helper Tool

CVE-2020-26893 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.

Learn more about our Web Application Penetration Testing UK.