12 matches found
CVE-2019-1932
The CVE-2019-1932 issue affects Cisco AMP for Endpoints (Windows). The vulnerability arises from insufficient validation of dynamically loaded modules, enabling a local authenticated attacker with administrator privileges to place a file in a specific Windows path and execute code with the AMP se...
CVE-2020-3350
CVE-2020-3350 concerns ClamAV (and is referenced in the Cisco/AMP context in the initial doc). A vulnerability allowed a malicious user to trick clamscan, clamdscan or clamonacc into deleting or moving a different file than intended when using the --move or --remove options. The underlying issue ...
CVE-2021-1386
CVE-2021-1386 describes a DLL hijacking vulnerability in Cisco AMP for Endpoints Windows Connector, ClamAV for Windows, and Immunet. The issue arises from insufficient validation of directory search paths at run time, enabling an authenticated, local attacker to place a malicious DLL and execute ...
CVE-2018-15437
CVE-2018-15437 affects Cisco Immunet and Cisco AMP for Endpoints on Windows. The issue stems from improper resource handling in the system scanning component, enabling a local attacker to disable scanning and allow unanalysed executables to run. The vulnerability is a local Denial of Service to t...
CVE-2020-3314
Cisco AMP for Endpoints Mac Connector Software contains a file-scan denial-of-service vulnerability (CVE-2020-3314) caused by insufficient input validation of file attributes. A crafted file could crash the scan engine, restart the AMP Connector, and cause DoS of the Cisco AMP for Endpoints servi...
CVE-2021-1280
CVE-2021-1280 describes a DLL hijacking vulnerability in the loading mechanism of specific DLLs used by Cisco AMP for Endpoints (Windows) and Immunet (Windows). An authenticated, local attacker could exploit improper directory search path handling by placing a malicious DLL on the target system, ...
CVE-2020-3343
CVE-2020-3343 affects Cisco AMP for Endpoints Linux Connector Software and Mac Connector Software. The root cause is insufficient input validation that allows a crafted packet to trigger a memory buffer overflow, enabling an authenticated local attacker to crash the Cisco AMP for Endpoints servic...
CVE-2017-12312
The CVE-2017-12312 issue affects the Cisco Immunet antimalware installer, where an untrusted search path (DLL preloading) allows a local attacker with administrative privileges to run arbitrary code by placing a crafted DLL in the current working directory before installation. Root cause: incompl...
CVE-2018-0397
Cisco AMP for Endpoints Mac Connector on macOS 10.12 is affected by CVE-2018-0397. The flaw allows an unauthenticated remote attacker to trigger a kernel panic and DoS if the software is running in Block network conviction mode. Exploitation could occur when a server process is started and an IP ...
CVE-2020-3344
Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software contain a memory buffer vulnerability caused by insufficient input validation. An authenticated, local attacker can send a crafted packet to overflow a buffer, potentially crashing and restarting t...
CVE-2018-15452
Cisco AMP for Endpoints on Windows is affected by CVE-2018-15452 in the DLL loading component (DLL preloading). A local, authenticated attacker with administrative credentials can exploit improper validation of resources loaded by a system process by placing a crafted DLL in a specific location, ...
CVE-2018-0237
CVE-2018-0237 affects Cisco AMP for Endpoints macOS Connector. The vulnerability stems from a file type detection mechanism that relies solely on the DMG file extension to classify files. An unauthenticated, remote attacker could exploit this by sending a DMG with a nonstandard extension, potenti...