CVE-2024-20328 MEDIUM

CVE-2024-20328: ClamAV VirusEvent File Processing Command Injection Vulnerability

Vendor Cisco

Product ClamAV

Weakness CWE-78

Published March 1, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Key dates

02Disclosure timeline

March 1, 2024 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-20328 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2024-20328

CWE CWE-78

CVSS 5.3 / MEDIUM

Affected versions

Vendor Cisco

Product ClamAV

Affected 1.2.0

Vendor Cisco

Product ClamAV

Affected 1.2.1

CVE-2024-20328: ClamAV VirusEvent File Processing Command Injection Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE