{"vulnerability": "CVE-2023-20052", "sightings": [{"uuid": "b1a64e2d-fe93-4eed-89af-a1837bf1447c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/nPhrPfiXPUHAf58D5YpbTj99KkY4hNzkYP0rbZrOEVdw3Nc", "content": "", "creation_timestamp": "2024-04-02T00:59:20.000000Z"}, {"uuid": "706755c4-37e8-4d98-a3a7-139a78170137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "https://www.cert.at/de/warnungen/2023/2/kritische-sicherheitslucken-in-clamav", "content": "", "creation_timestamp": "2023-02-17T12:22:45.000000Z"}, {"uuid": "34cf5402-c354-4eca-b4ce-99b9d1f0e8ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4320", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/nokn0wthing/CVE-2023-25002\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-08T18:46:43.000000Z"}, {"uuid": "7ffe1d0d-c906-4c57-bf21-189fac965495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5111", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-20052 information leak vulnerability in the DMG file parser of ClamAV\nURL\uff1ahttps://github.com/cY83rR0H1t/CVE-2023-20052\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-10T09:34:17.000000Z"}, {"uuid": "1b80d7aa-8baf-40d8-b220-2a64f4246bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/U9kQWYV4XBaD38rFIhN0uQ-Nykzpy2yaL9dzIK4XRIgUVRk", "content": "", "creation_timestamp": "2023-02-22T06:20:02.000000Z"}, {"uuid": "76382a2a-c70a-4268-957a-e0acd9390247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "Telegram/GnG5cQMMmIr2YbivI0ayfcPm2vUCK5KctNPpVJfEbtROTks", "content": "", "creation_timestamp": "2023-02-21T20:29:44.000000Z"}, {"uuid": "806193ca-9ef3-4fc1-ad19-21b960da3d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10664", "content": "CVE-2023-20052\n\nCVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV\n\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\nPrivate: @RAVE_CGF", "creation_timestamp": "2024-04-02T00:59:21.000000Z"}, {"uuid": "1ed5615b-2353-4280-b68c-a94f11256b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "https://t.me/arpsyndicate/1830", "content": "#ExploitObserverAlert\n\nCVE-2023-20052\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-20052. On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:   A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.   This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.\n\nFIRST-EPSS: 0.000620000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-16T14:45:12.000000Z"}, {"uuid": "ca115462-5876-4d5b-87dd-a1cdc38dcebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/IDULBW79zJZhskpsGVj91zDFqnvXO8OgHbEFqawpFcCxQpU", "content": "", "creation_timestamp": "2023-07-11T06:51:04.000000Z"}, {"uuid": "e4b3b4cb-236a-421a-896b-dac1a2e4bd1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "seen", "source": "https://t.me/true_secator/4084", "content": "Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 ClamAV - \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-20032 \u0438 \u0438\u043c\u0435\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0430\u0440\u0441\u0435\u0440\u043e\u043c \u0444\u0430\u0439\u043b\u043e\u0432 HFS+ \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0439 ClamAV. \u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0435, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0435\u0433\u043e \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0440\u0430\u0437\u0434\u0435\u043b\u0430 HFS+ \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u043e\u044f\u0441\u043d\u0438\u043b\u0438, \u0447\u0442\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f ClamAV \u0438\u043b\u0438 \u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a DoS.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Secure Endpoint, \u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u043a\u0430\u043a Advanced Malware Protection (AMP) \u0434\u043b\u044f Windows, macOS \u0438 Linux, Secure Endpoint Private Cloud \u0438 Secure Web Appliance.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0442\u0435\u043a\u0443\u0449\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 Cisco \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0443\u0442\u0435\u0447\u043a\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 ClamAV DMG (CVE-2023-20052, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 5,3), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438. \u0411\u0430\u0433 \u0441\u0432\u044f\u0437\u0430\u043d \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 XML, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432.\n\n\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u0418\u0422-\u0433\u0438\u0433\u0430\u043d\u0442 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c DoS, \u0432\u043b\u0438\u044f\u044e\u0449\u0443\u044e \u043d\u0430 \u043f\u0430\u043d\u0435\u043b\u044c \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Cisco Nexus (CVE-2023-20014, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 7,5) \u0438 \u0434\u0432\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 Email Security Appliance (ESA) \u0438 Secure Email and Web Manager (CVE-2023-20009 \u0438 CVE-2023-20075 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 6,5).", "creation_timestamp": "2023-02-17T16:30:07.000000Z"}, {"uuid": "f983a3e9-00ea-4835-9f4a-e6af8dbda443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/daeCUX95O6ZDqcl0fr7xMzropW9nHK8k-upy-41VtmVTfc0", "content": "", "creation_timestamp": "2023-07-12T18:59:04.000000Z"}, {"uuid": "fac75c52-4279-4417-b092-7db2d533f750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3447", "content": "\ud83d\udca5CVE-2023-20052 exploit\n\nTo create malicious DMG file:\n\n$ git clone https://github.com/XXXXXXXX/CVE-2023-XXXX.git\n$ cd CVE-2023-20052\n$ sudo docker build -t cve-2023-20052 .\n$ sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash\n$ genisoimage -D -V \"exploit\" -no-pad -r -apple -file-mode 0777 -o test.img . &amp;&amp; dmg dmg test.img test.dmg\n$ bbe -e 's|| ]&gt;|' -e 's/blkx/&amp;xxe\\;/' test.dmg -o exploit.dmg\nTo trigger exploit:\n\n$ clamscan --debug exploit.dmg", "creation_timestamp": "2023-05-10T15:21:50.000000Z"}, {"uuid": "beb8ba1c-3ef1-46ae-9a02-e488df8e9c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8270", "content": "#exploit\n1.CVE-2023-20052:\nInformation leak vulnerability in the DMG file parser of ClamAV\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\n2. Exploits for CVE-2023-27327, CVE-2023-27328\n(Parallels Desktop VM)\nhttps://github.com/kn32/parallels-plist-escape\n\n3. CVE-2023-28231:\nDHCP Server RCE (2008 R2 SP1 - Server 2019)\nhttps://github.com/glavstroy/CVE-2023-28231", "creation_timestamp": "2023-05-10T11:03:01.000000Z"}, {"uuid": "297c2c97-0e71-4678-9ca1-49f1e53a305b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20052", "type": "published-proof-of-concept", "source": "Telegram/M2s3PphtTCD9brru-X6QMyPesFMqQlhfbVnnLWpusEfiV5g", "content": "", "creation_timestamp": "2026-05-16T21:00:04.000000Z"}]}