Vulnerability CVE-2018-15437


Published: 2018-11-08

Description:
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Cisco Immunet / Cisco AMP For Endpoints Scanning Denial Of Service
hyp3rlinx
09.11.2018
Med.
Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 Denial of Service
hyp3rlinx
13.11.2018

Type:

CWE-254

(Security Features)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Cisco -> Advanced malware protection for endpoints 
Cisco -> Immunet for endpoints 

 References:
http://www.securityfocus.com/bid/105867
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos
https://www.exploit-db.com/exploits/45829/

Copyright 2021, cxsecurity.com

 

Back to Top