Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2018-04-19 |
Product | Advanced Malware Protection For Endpoints | Last view | 2021-04-08 |
Version | 1.4(5) | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | mac_os_x | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:cisco:advanced_malware_protection_for_endpoints |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2021-04-08 | CVE-2021-1386 | A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. |
7.3 | 2021-01-20 | CVE-2021-1280 | A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges. |
6.3 | 2020-06-18 | CVE-2020-3350 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. |
5.5 | 2020-05-22 | CVE-2020-3344 | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. |
5.5 | 2020-05-22 | CVE-2020-3343 | A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. |
6.1 | 2020-05-22 | CVE-2020-3314 | A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. |
5.8 | 2018-04-19 | CVE-2018-0237 | A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-427 | Uncontrolled Search Path Element |
28% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
14% (1) | CWE-706 | Use of Incorrectly-Resolved Name or Reference |
14% (1) | CWE-362 | Race Condition |
14% (1) | CWE-20 | Improper Input Validation |
Snort® IPS/IDS
Date | Description |
---|---|
2021-01-28 | OpenSSL configuration arbitrary DLL load attempt RuleID : 56894 - Type : FILE-OTHER - Revision : 2 |
2021-01-28 | OpenSSL configuration arbitrary DLL load attempt RuleID : 56893 - Type : FILE-OTHER - Revision : 2 |