CVE-2018-15452 – Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability
https://notcve.org/view.php?id=CVE-2018-15452
13 Nov 2018 — A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit thi... • http://www.securityfocus.com/bid/105759 • CWE-427: Uncontrolled Search Path Element •
CVE-2018-15437 – Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15437
08 Nov 2018 — A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and pr... • https://packetstorm.news/files/id/150241 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-0397
https://notcve.org/view.php?id=CVE-2018-0397
01 Aug 2018 — A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts... • http://www.securityfocus.com/bid/104946 • CWE-399: Resource Management Errors •
CVE-2018-0237
https://notcve.org/view.php?id=CVE-2018-0237
19 Apr 2018 — A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-amp • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2017-12312
https://notcve.org/view.php?id=CVE-2017-12312
16 Nov 2017 — An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by cre... • http://www.securityfocus.com/bid/101930 • CWE-20: Improper Input Validation CWE-426: Untrusted Search Path •
CVE-2017-12317
https://notcve.org/view.php?id=CVE-2017-12317
21 Oct 2017 — The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904. • http://www.securityfocus.com/bid/101520 • CWE-798: Use of Hard-coded Credentials •