CVE-2020-3344 – Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2020-3344
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. Una vulnerabilidad en Cisco AMP para Endpoints Linux Connector Software y Cisco AMP para Endpoints Mac Connector Software, podría permitir a un atacante local autenticado causar un desbordamiento de búfer sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-1932 – Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1932
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service. Una vulnerabilidad en Advanced Malware Protection (AMP) de Cisco para Endpoints de Windows, podría permitir a un atacante local autenticado con privilegios de administrador ejecutar código arbitrario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-amp-commandinj • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2018-15452 – Cisco Advanced Malware Protection for Endpoints on Windows DLL Preloading Vulnerability
https://notcve.org/view.php?id=CVE-2018-15452
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. • http://www.securityfocus.com/bid/105759 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181029-amp-dll • CWE-427: Uncontrolled Search Path Element •
CVE-2018-15437 – Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15437
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. • https://www.exploit-db.com/exploits/45829 http://www.securityfocus.com/bid/105867 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-imm-dos • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-0397
https://notcve.org/view.php?id=CVE-2018-0397
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192. • http://www.securityfocus.com/bid/104946 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-fampmac • CWE-399: Resource Management Errors •