RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.7 P2
This article addresses the latest vulnerability found with ClamAV (HotFix Instructions for CVE-2023-20032 and CVE-2023-20052), The Antivirus Software that is pre-installed with the RSA Authentication Manager.
RSA Customer Advisory: ClamAV Vulnerability | (CVE-2023-20032)
The CVE-2023-20032 and CVE-2023-20052 are vulnerabilities that impact a third-party virus-scanning application pre-installed with RSA Authentication Manager. If you are not using “ClamAV” on your system, this vulnerability poses no additional risk. If necessary for compliance reasons, the ClamAV package can be safely removed. If you are using ClamAV, RSA highly recommends that you follow these instructions to manually update the “ClamAV” component as soon as possible.
These actions should have no impact on server operation but involve privileged access that is not without risk. RSA recommends that systems are backed-up or virtual backup images captured prior to applying any hotfix.