How severe is CVE-2024-20328?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-20328?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-20328 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2017-3806

MEDIUM

CVSS:5.3(Medium)

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject...

CWE-782017

CVE-2018-15726

MEDIUM

CVSS:5.3(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

CWE-782018

CVE-2019-20807

MEDIUM

CVSS:5.3(Medium)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CWE-782019

CVE-2020-26294

MEDIUM

CVSS:5.3(Medium)

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server co...

CWE-782020

CVE-2020-3367

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command ...

CWE-782020

CVE-2021-30187

MEDIUM

CVSS:5.3(Medium)

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CWE-782021