CVE-2026-20216: Allocation of Resources Without Limits or Throttling in Cisco Cisco Secure Endpoint
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
AI Analysis
Technical Summary
This vulnerability arises from ClamAV's InstallShield file format parser improperly managing temporary resources during scanning. An attacker can exploit this by submitting a malicious InstallShield file to Cisco Secure Endpoint, causing the ClamAV scanning process to terminate and temporarily exhausting system resources, resulting in a denial-of-service condition. The vulnerability affects numerous explicitly listed versions of Cisco Secure Endpoint. The CVSS 3.1 base score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability.
Potential Impact
Successful exploitation leads to termination of the ClamAV scanning process and temporary consumption of system resources on the affected device, causing a denial-of-service condition. There is no impact on confidentiality or integrity reported. The affected software becomes unavailable or degraded during the DoS condition.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been provided by Cisco at this time. Users should monitor Cisco advisories for updates and consider limiting exposure to untrusted InstallShield files until a fix is available.
CVE-2026-20216: Allocation of Resources Without Limits or Throttling in Cisco Cisco Secure Endpoint
Description
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
CVSS v3.1
Score 7.5high
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from ClamAV's InstallShield file format parser improperly managing temporary resources during scanning. An attacker can exploit this by submitting a malicious InstallShield file to Cisco Secure Endpoint, causing the ClamAV scanning process to terminate and temporarily exhausting system resources, resulting in a denial-of-service condition. The vulnerability affects numerous explicitly listed versions of Cisco Secure Endpoint. The CVSS 3.1 base score is 7.5, indicating high severity with network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability.
Potential Impact
Successful exploitation leads to termination of the ClamAV scanning process and temporary consumption of system resources on the affected device, causing a denial-of-service condition. There is no impact on confidentiality or integrity reported. The affected software becomes unavailable or degraded during the DoS condition.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been provided by Cisco at this time. Users should monitor Cisco advisories for updates and consider limiting exposure to untrusted InstallShield files until a fix is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- cisco
- Date Reserved
- 2025-10-08T11:59:15.398Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a45492827e9c79719d6204b
Added to database: 07/01/2026, 17:06:48 UTC
Last enriched: 07/01/2026, 17:25:10 UTC
Last updated: 07/02/2026, 00:01:57 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.